When _just_ using an SSL context we don't want breaking behavior (#673)
Also don't want to break backwards compat. So when chcking for depreicated values ignore the check on verify_certs. Since it's True. the verify certs will be default true in the ssl_context. And can be turned off in the SSL context when using it.
This commit is contained in:
@@ -80,8 +80,8 @@ class Urllib3HttpConnection(Connection):
|
||||
kw = {}
|
||||
|
||||
# if providing an SSL context, raise error if any other SSL related flag is used
|
||||
if ssl_context and (verify_certs or ca_certs or ssl_version):
|
||||
raise ImproperlyConfigured("When using `ssl_context`, `use_ssl`, `verify_certs`, `ca_certs` and `ssl_version` are not permitted")
|
||||
if ssl_context and (ca_certs or ssl_version or use_ssl):
|
||||
raise ImproperlyConfigured("When using `ssl_context`, `use_ssl`, `ca_certs` and `ssl_version` are not permitted")
|
||||
|
||||
# if ssl_context provided use SSL by default
|
||||
if use_ssl or ssl_context:
|
||||
|
||||
@@ -68,7 +68,6 @@ class TestUrllib3Connection(TestCase):
|
||||
except AttributeError:
|
||||
raise SkipTest("SSL Context not supported in this version of python")
|
||||
self.assertRaises(ImproperlyConfigured, Urllib3HttpConnection, ssl_context=ctx, use_ssl=True)
|
||||
self.assertRaises(ImproperlyConfigured, Urllib3HttpConnection, ssl_context=ctx, verify_certs=True)
|
||||
self.assertRaises(ImproperlyConfigured, Urllib3HttpConnection, ssl_context=ctx, ca_certs="/some/path/to/cert.crt")
|
||||
self.assertRaises(ImproperlyConfigured, Urllib3HttpConnection, ssl_context=ctx, ssl_version=ssl.PROTOCOL_SSLv23)
|
||||
|
||||
|
||||
Reference in New Issue
Block a user