Hello community, here is the log from the commit of package python-httplib2 for openSUSE:Factory checked in at 2017-04-28 10:43:37 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-httplib2 (Old) and /work/SRC/openSUSE:Factory/.python-httplib2.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-httplib2" Fri Apr 28 10:43:37 2017 rev:40 rq:489492 version:0.10.3 Changes: -------- --- /work/SRC/openSUSE:Factory/python-httplib2/python-httplib2.changes 2016-10-22 13:11:31.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.python-httplib2.new/python-httplib2.changes 2017-04-28 10:43:42.832275240 +0200 @@ -1,0 +2,31 @@ +Wed Apr 19 22:13:57 UTC 2017 - [email protected] + +- Source url must be https. + +------------------------------------------------------------------- +Wed Apr 19 14:16:35 UTC 2017 - [email protected] + +- Spec file cleanups + +------------------------------------------------------------------- +Wed Apr 12 18:16:09 UTC 2017 - [email protected] + +- Update to 0.10.3 + * Fix certificate validation on Python<=2.7.8 without ssl.CertificateError +- Update to 0.10.2 + * Just a reupload of 0.10.1, which was broken for Python3 + because wheel distribution doesn't play well with our 2/3 split code base. +- Update to 0.10.1 + * Remove VeriSign Class 3 CA from trusted certs + * Add IdenTrust DST Root CA X3 + * Support for specifying the SSL protocol version (Python v2) + * On App Engine use urlfetch's default deadline if None is passed. + * Fix TypeError on AppEngine “__init__() got an unexpected keyword argument 'ssl_version’” + * Send SNI data for SSL connections on Python 2.7.9+ + * Verify the server hostname if certificate validation is enabled + * Add proxy_headers argument to ProxyInfo constructor + * Make disable_ssl_certificate_validation work with Python 3.5. + * Fix socket error handling +- Remove httplib2-bnc-818100.patch, merged upstream. + +------------------------------------------------------------------- @@ -5,0 +37,5 @@ + +------------------------------------------------------------------- +Wed Apr 27 14:38:59 UTC 2016 - [email protected] + +- attempt to build multi-python Old: ---- httplib2-0.9.2.tar.gz httplib2-bnc-818100.patch New: ---- httplib2-0.10.3.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-httplib2.spec ++++++ --- /var/tmp/diff_new_pack.bKIC1f/_old 2017-04-28 10:43:43.780141265 +0200 +++ /var/tmp/diff_new_pack.bKIC1f/_new 2017-04-28 10:43:43.784140700 +0200 @@ -1,7 +1,7 @@ # # spec file for package python-httplib2 # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,55 +15,60 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # +# Tests require network connection +%bcond_with tests +%{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-httplib2 -Version: 0.9.2 +Version: 0.10.3 Release: 0 Url: https://github.com/httplib2/httplib2 Summary: A Python HTTP client library License: MIT and Apache-2.0 and (MPL-1.1 or GPL-2.0+ or LGPL-2.1+) Group: Development/Libraries/Python -Source: http://pypi.python.org/packages/source/h/httplib2/httplib2-%{version}.tar.gz +Source: https://files.pythonhosted.org/packages/source/h/httplib2/httplib2-%{version}.tar.gz # PATCH-FIX-OPENSUSE: Don't ship private copy of Mozilla NSS certs, use system certs instead (bnc#761162) Patch0: httplib2-use-system-certs.patch -# PATCH-FIX-UPSTREAM: [email protected] -- SSL certificate hostname mismatch is checked only once -Patch1: httplib2-bnc-818100.patch -BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildRequires: python-devel +BuildRequires: %{python_module setuptools} +BuildRequires: python-rpm-macros +%if %{with tests} # Test requirements (for ssl module): -#BuildRequires: python -%if 0%{?suse_version} && 0%{?suse_version} <= 1110 -Requires: openssl-certs -%else -Requires: ca-certificates +BuildRequires: python +BuildRequires: python3 %endif -%if 0%{?suse_version} && 0%{?suse_version} <= 1110 -%{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} -%else +Requires: ca-certificates +BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch -%endif +%python_subpackages %description A comprehensive HTTP client library that supports many features left out of other HTTP libraries. + %prep %setup -q -n httplib2-%{version} %patch0 -p1 -%patch1 -p1 %build -python setup.py build +%python_build %install -python setup.py install --prefix=%{_prefix} --root=%{buildroot} +%python_install -#%%check -#python python2/httplib2test.py +%if %{with tests} +%check +%if %have_python2 +python2 python2/httplib2test.py +%endif +%if %have_python2 +python3 python3/httplib2test.py +%endif +%endif -%files +%files %{python_files} %defattr(-,root,root) -%{python_sitelib}/httplib2-%{version}-py%{py_ver}.egg-info +%{python_sitelib}/httplib2-%{version}-py*.egg-info %{python_sitelib}/httplib2 %changelog ++++++ httplib2-0.9.2.tar.gz -> httplib2-0.10.3.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/MANIFEST.in new/httplib2-0.10.3/MANIFEST.in --- old/httplib2-0.9.2/MANIFEST.in 2015-09-28 15:55:45.000000000 +0200 +++ new/httplib2-0.10.3/MANIFEST.in 1970-01-01 01:00:00.000000000 +0100 @@ -1,3 +0,0 @@ -recursive-include python2 *.py *.txt -recursive-include python3 *.py *.txt -include python2/httplib2/test/*.txt diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/PKG-INFO new/httplib2-0.10.3/PKG-INFO --- old/httplib2-0.9.2/PKG-INFO 2015-09-28 15:55:46.000000000 +0200 +++ new/httplib2-0.10.3/PKG-INFO 2017-02-06 18:58:09.000000000 +0100 @@ -1,8 +1,8 @@ -Metadata-Version: 1.1 +Metadata-Version: 1.0 Name: httplib2 -Version: 0.9.2 +Version: 0.10.3 Summary: A comprehensive HTTP client library. -Home-page: https://github.com/jcgregorio/httplib2 +Home-page: https://github.com/httplib2/httplib2 Author: Joe Gregorio Author-email: [email protected] License: MIT diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/python2/httplib2/__init__.py new/httplib2-0.10.3/python2/httplib2/__init__.py --- old/httplib2-0.9.2/python2/httplib2/__init__.py 2015-09-28 15:55:45.000000000 +0200 +++ new/httplib2-0.10.3/python2/httplib2/__init__.py 2017-02-06 18:53:41.000000000 +0100 @@ -20,9 +20,10 @@ "Jonathan Feinberg", "Blair Zajac", "Sam Ruby", - "Louis Nyffenegger"] + "Louis Nyffenegger", + "Alex Yu"] __license__ = "MIT" -__version__ = "0.9.2" +__version__ = "0.10.3" import re import sys @@ -64,31 +65,54 @@ socks = None # Build the appropriate socket wrapper for ssl +ssl = None +ssl_SSLError = None +ssl_CertificateError = None try: - import ssl # python 2.6 - ssl_SSLError = ssl.SSLError - def _ssl_wrap_socket(sock, key_file, cert_file, - disable_validation, ca_certs): - if disable_validation: - cert_reqs = ssl.CERT_NONE - else: - cert_reqs = ssl.CERT_REQUIRED - # We should be specifying SSL version 3 or TLS v1, but the ssl module - # doesn't expose the necessary knobs. So we need to go with the default - # of SSLv23. + import ssl # python 2.6 +except ImportError: + pass +if ssl is not None: + ssl_SSLError = getattr(ssl, 'SSLError', None) + ssl_CertificateError = getattr(ssl, 'CertificateError', None) + + +def _ssl_wrap_socket(sock, key_file, cert_file, disable_validation, + ca_certs, ssl_version, hostname): + if disable_validation: + cert_reqs = ssl.CERT_NONE + else: + cert_reqs = ssl.CERT_REQUIRED + if ssl_version is None: + ssl_version = ssl.PROTOCOL_SSLv23 + + if hasattr(ssl, 'SSLContext'): # Python 2.7.9 + context = ssl.SSLContext(ssl_version) + context.verify_mode = cert_reqs + context.check_hostname = (cert_reqs != ssl.CERT_NONE) + if cert_file: + context.load_cert_chain(cert_file, key_file) + if ca_certs: + context.load_verify_locations(ca_certs) + return context.wrap_socket(sock, server_hostname=hostname) + else: return ssl.wrap_socket(sock, keyfile=key_file, certfile=cert_file, - cert_reqs=cert_reqs, ca_certs=ca_certs) -except (AttributeError, ImportError): - ssl_SSLError = None - def _ssl_wrap_socket(sock, key_file, cert_file, - disable_validation, ca_certs): - if not disable_validation: - raise CertificateValidationUnsupported( - "SSL certificate validation is not supported without " - "the ssl module installed. To avoid this error, install " - "the ssl module, or explicity disable validation.") - ssl_sock = socket.ssl(sock, key_file, cert_file) - return httplib.FakeSocket(sock, ssl_sock) + cert_reqs=cert_reqs, ca_certs=ca_certs, + ssl_version=ssl_version) + + +def _ssl_wrap_socket_unsupported(sock, key_file, cert_file, disable_validation, + ca_certs, ssl_version, hostname): + if not disable_validation: + raise CertificateValidationUnsupported( + "SSL certificate validation is not supported without " + "the ssl module installed. To avoid this error, install " + "the ssl module, or explicity disable validation.") + ssl_sock = socket.ssl(sock, key_file, cert_file) + return httplib.FakeSocket(sock, ssl_sock) + +if ssl is None: + _ssl_wrap_socket = _ssl_wrap_socket_unsupported if sys.version_info >= (2,3): @@ -162,6 +186,8 @@ self.host = host self.cert = cert +class NotRunningAppEngineEnvironment(HttpLib2Error): pass + # Open Items: # ----------- # Proxy support @@ -749,7 +775,7 @@ bypass_hosts = () def __init__(self, proxy_type, proxy_host, proxy_port, - proxy_rdns=True, proxy_user=None, proxy_pass=None): + proxy_rdns=True, proxy_user=None, proxy_pass=None, proxy_headers=None): """ Args: proxy_type: The type of proxy server. This must be set to one of @@ -770,6 +796,8 @@ proxy_user: The username used to authenticate with the proxy server. proxy_pass: The password used to authenticate with the proxy server. + + proxy_headers: Additional or modified headers for the proxy connect request. """ self.proxy_type = proxy_type self.proxy_host = proxy_host @@ -777,10 +805,11 @@ self.proxy_rdns = proxy_rdns self.proxy_user = proxy_user self.proxy_pass = proxy_pass + self.proxy_headers = proxy_headers def astuple(self): return (self.proxy_type, self.proxy_host, self.proxy_port, - self.proxy_rdns, self.proxy_user, self.proxy_pass) + self.proxy_rdns, self.proxy_user, self.proxy_pass, self.proxy_headers) def isgood(self): return (self.proxy_host != None) and (self.proxy_port != None) @@ -858,6 +887,7 @@ proxy_port = port, proxy_user = username or None, proxy_pass = password or None, + proxy_headers = None, ) @@ -885,7 +915,7 @@ msg = "getaddrinfo returns an empty list" if self.proxy_info and self.proxy_info.isgood(): use_proxy = True - proxy_type, proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass = self.proxy_info.astuple() + proxy_type, proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass, proxy_headers = self.proxy_info.astuple() host = proxy_host port = proxy_port @@ -900,7 +930,7 @@ try: if use_proxy: self.sock = socks.socksocket(af, socktype, proto) - self.sock.setproxy(proxy_type, proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass) + self.sock.setproxy(proxy_type, proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass, proxy_headers) else: self.sock = socket.socket(af, socktype, proto) self.sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) @@ -911,14 +941,14 @@ if self.debuglevel > 0: print "connect: (%s, %s) ************" % (self.host, self.port) if use_proxy: - print "proxy: %s ************" % str((proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass)) + print "proxy: %s ************" % str((proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass, proxy_headers)) self.sock.connect((self.host, self.port) + sa[2:]) except socket.error, msg: if self.debuglevel > 0: print "connect fail: (%s, %s)" % (self.host, self.port) if use_proxy: - print "proxy: %s" % str((proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass)) + print "proxy: %s" % str((proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass, proxy_headers)) if self.sock: self.sock.close() self.sock = None @@ -938,7 +968,8 @@ """ def __init__(self, host, port=None, key_file=None, cert_file=None, strict=None, timeout=None, proxy_info=None, - ca_certs=None, disable_ssl_certificate_validation=False): + ca_certs=None, disable_ssl_certificate_validation=False, + ssl_version=None): httplib.HTTPSConnection.__init__(self, host, port=port, key_file=key_file, cert_file=cert_file, strict=strict) @@ -949,6 +980,7 @@ self.ca_certs = ca_certs self.disable_ssl_certificate_validation = \ disable_ssl_certificate_validation + self.ssl_version = ssl_version # The following two methods were adapted from https_wrapper.py, released # with the Google Appengine SDK at @@ -1007,7 +1039,7 @@ msg = "getaddrinfo returns an empty list" if self.proxy_info and self.proxy_info.isgood(): use_proxy = True - proxy_type, proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass = self.proxy_info.astuple() + proxy_type, proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass, proxy_headers = self.proxy_info.astuple() host = proxy_host port = proxy_port @@ -1023,7 +1055,7 @@ if use_proxy: sock = socks.socksocket(family, socktype, proto) - sock.setproxy(proxy_type, proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass) + sock.setproxy(proxy_type, proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass, proxy_headers) else: sock = socket.socket(family, socktype, proto) sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1) @@ -1033,11 +1065,12 @@ sock.connect((self.host, self.port)) self.sock =_ssl_wrap_socket( sock, self.key_file, self.cert_file, - self.disable_ssl_certificate_validation, self.ca_certs) + self.disable_ssl_certificate_validation, self.ca_certs, + self.ssl_version, self.host) if self.debuglevel > 0: print "connect: (%s, %s)" % (self.host, self.port) if use_proxy: - print "proxy: %s" % str((proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass)) + print "proxy: %s" % str((proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass, proxy_headers)) if not self.disable_ssl_certificate_validation: cert = self.sock.getpeercert() hostname = self.host.split(':', 0)[0] @@ -1045,7 +1078,7 @@ raise CertificateHostnameMismatch( 'Server presented certificate that does not match ' 'host %s: %s' % (hostname, cert), hostname, cert) - except ssl_SSLError, e: + except (ssl_SSLError, ssl_CertificateError, CertificateHostnameMismatch), e: if sock: sock.close() if self.sock: @@ -1055,7 +1088,7 @@ # to get at more detailed error information, in particular # whether the error is due to certificate validation or # something else (such as SSL protocol mismatch). - if e.errno == ssl.SSL_ERROR_SSL: + if getattr(e, 'errno', None) == ssl.SSL_ERROR_SSL: raise SSLHandshakeError(e) else: raise @@ -1065,7 +1098,7 @@ if self.debuglevel > 0: print "connect fail: (%s, %s)" % (self.host, self.port) if use_proxy: - print "proxy: %s" % str((proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass)) + print "proxy: %s" % str((proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass, proxy_headers)) if self.sock: self.sock.close() self.sock = None @@ -1079,63 +1112,73 @@ 'https': HTTPSConnectionWithTimeout } -# Use a different connection object for Google App Engine -try: - try: - from google.appengine.api import apiproxy_stub_map - if apiproxy_stub_map.apiproxy.GetStub('urlfetch') is None: - raise ImportError # Bail out; we're not actually running on App Engine. - from google.appengine.api.urlfetch import fetch - from google.appengine.api.urlfetch import InvalidURLError - except (ImportError, AttributeError): - from google3.apphosting.api import apiproxy_stub_map - if apiproxy_stub_map.apiproxy.GetStub('urlfetch') is None: - raise ImportError # Bail out; we're not actually running on App Engine. - from google3.apphosting.api.urlfetch import fetch - from google3.apphosting.api.urlfetch import InvalidURLError - - def _new_fixed_fetch(validate_certificate): - def fixed_fetch(url, payload=None, method="GET", headers={}, - allow_truncated=False, follow_redirects=True, - deadline=None): - if deadline is None: - deadline = socket.getdefaulttimeout() or 5 - return fetch(url, payload=payload, method=method, headers=headers, - allow_truncated=allow_truncated, - follow_redirects=follow_redirects, deadline=deadline, - validate_certificate=validate_certificate) - return fixed_fetch - class AppEngineHttpConnection(httplib.HTTPConnection): - """Use httplib on App Engine, but compensate for its weirdness. +def _new_fixed_fetch(validate_certificate): + def fixed_fetch(url, payload=None, method="GET", headers={}, + allow_truncated=False, follow_redirects=True, + deadline=None): + if deadline is None: + deadline = socket.getdefaulttimeout() + return fetch(url, payload=payload, method=method, headers=headers, + allow_truncated=allow_truncated, + follow_redirects=follow_redirects, deadline=deadline, + validate_certificate=validate_certificate) + return fixed_fetch + + +class AppEngineHttpConnection(httplib.HTTPConnection): + """Use httplib on App Engine, but compensate for its weirdness. + + The parameters key_file, cert_file, proxy_info, ca_certs, + disable_ssl_certificate_validation, and ssl_version are all dropped on + the ground. + """ + def __init__(self, host, port=None, key_file=None, cert_file=None, + strict=None, timeout=None, proxy_info=None, ca_certs=None, + disable_ssl_certificate_validation=False, + ssl_version=None): + httplib.HTTPConnection.__init__(self, host, port=port, + strict=strict, timeout=timeout) - The parameters key_file, cert_file, proxy_info, ca_certs, and - disable_ssl_certificate_validation are all dropped on the ground. - """ - def __init__(self, host, port=None, key_file=None, cert_file=None, - strict=None, timeout=None, proxy_info=None, ca_certs=None, - disable_ssl_certificate_validation=False): - httplib.HTTPConnection.__init__(self, host, port=port, - strict=strict, timeout=timeout) - - class AppEngineHttpsConnection(httplib.HTTPSConnection): - """Same as AppEngineHttpConnection, but for HTTPS URIs.""" - def __init__(self, host, port=None, key_file=None, cert_file=None, - strict=None, timeout=None, proxy_info=None, ca_certs=None, - disable_ssl_certificate_validation=False): - httplib.HTTPSConnection.__init__(self, host, port=port, - key_file=key_file, - cert_file=cert_file, strict=strict, - timeout=timeout) - self._fetch = _new_fixed_fetch( - not disable_ssl_certificate_validation) + +class AppEngineHttpsConnection(httplib.HTTPSConnection): + """Same as AppEngineHttpConnection, but for HTTPS URIs. + + The parameters proxy_info, ca_certs, disable_ssl_certificate_validation, + and ssl_version are all dropped on the ground. + """ + def __init__(self, host, port=None, key_file=None, cert_file=None, + strict=None, timeout=None, proxy_info=None, ca_certs=None, + disable_ssl_certificate_validation=False, + ssl_version=None): + httplib.HTTPSConnection.__init__(self, host, port=port, + key_file=key_file, + cert_file=cert_file, strict=strict, + timeout=timeout) + self._fetch = _new_fixed_fetch( + not disable_ssl_certificate_validation) + +# Use a different connection object for Google App Engine +try: + server_software = os.environ.get('SERVER_SOFTWARE') + if not server_software: + raise NotRunningAppEngineEnvironment() + elif not (server_software.startswith('Google App Engine/') or + server_software.startswith('Development/')): + raise NotRunningAppEngineEnvironment() + + from google.appengine.api import apiproxy_stub_map + if apiproxy_stub_map.apiproxy.GetStub('urlfetch') is None: + raise ImportError # Bail out; we're not actually running on App Engine. + from google.appengine.api.urlfetch import fetch + from google.appengine.api.urlfetch import InvalidURLError # Update the connection classes to use the Googel App Engine specific ones. SCHEME_TO_CONNECTION = { 'http': AppEngineHttpConnection, 'https': AppEngineHttpsConnection } -except (ImportError, AttributeError): +except (ImportError, AttributeError, NotRunningAppEngineEnvironment): pass @@ -1155,7 +1198,8 @@ """ def __init__(self, cache=None, timeout=None, proxy_info=proxy_info_from_environment, - ca_certs=None, disable_ssl_certificate_validation=False): + ca_certs=None, disable_ssl_certificate_validation=False, + ssl_version=None): """If 'cache' is a string then it is used as a directory name for a disk cache. Otherwise it must be an object that supports the same interface as FileCache. @@ -1178,11 +1222,14 @@ If disable_ssl_certificate_validation is true, SSL cert validation will not be performed. + + By default, ssl.PROTOCOL_SSLv23 will be used for the ssl version. """ self.proxy_info = proxy_info self.ca_certs = ca_certs self.disable_ssl_certificate_validation = \ disable_ssl_certificate_validation + self.ssl_version = ssl_version # Map domain name to an httplib connection self.connections = {} @@ -1285,9 +1332,10 @@ err = getattr(e, 'args')[0] else: err = e.errno + if err == errno.ECONNREFUSED: # Connection refused + raise if err in (errno.ENETUNREACH, errno.EADDRNOTAVAIL) and i < RETRIES: continue # retry on potentially transient socket errors - raise except httplib.HTTPException: # Just because the server closed the connection doesn't apparently mean # that the server didn't send a response. @@ -1477,14 +1525,16 @@ proxy_info=proxy_info, ca_certs=self.ca_certs, disable_ssl_certificate_validation= - self.disable_ssl_certificate_validation) + self.disable_ssl_certificate_validation, + ssl_version=self.ssl_version) else: conn = self.connections[conn_key] = connection_type( authority, timeout=self.timeout, proxy_info=proxy_info, ca_certs=self.ca_certs, disable_ssl_certificate_validation= - self.disable_ssl_certificate_validation) + self.disable_ssl_certificate_validation, + ssl_version=self.ssl_version) else: conn = self.connections[conn_key] = connection_type( authority, timeout=self.timeout, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/python2/httplib2/cacerts.txt new/httplib2-0.10.3/python2/httplib2/cacerts.txt --- old/httplib2-0.9.2/python2/httplib2/cacerts.txt 2015-09-28 15:55:45.000000000 +0200 +++ new/httplib2-0.10.3/python2/httplib2/cacerts.txt 2017-01-04 21:55:09.000000000 +0100 @@ -102,28 +102,6 @@ 1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4 -----END CERTIFICATE----- -# Issuer: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority -# Subject: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority -# Label: "Verisign Class 3 Public Primary Certification Authority" -# Serial: 149843929435818692848040365716851702463 -# MD5 Fingerprint: 10:fc:63:5d:f6:26:3e:0d:f3:25:be:5f:79:cd:67:67 -# SHA1 Fingerprint: 74:2c:31:92:e6:07:e4:24:eb:45:49:54:2b:e1:bb:c5:3e:61:74:e2 -# SHA256 Fingerprint: e7:68:56:34:ef:ac:f6:9a:ce:93:9a:6b:25:5b:7b:4f:ab:ef:42:93:5b:50:a2:65:ac:b5:cb:60:27:e4:4e:70 ------BEGIN CERTIFICATE----- -MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG -A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz -cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 -MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV -BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt -YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN -ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE -BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is -I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G -CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do -lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc -AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k ------END CERTIFICATE----- - # Issuer: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority - G2/(c) 1998 VeriSign, Inc. - For authorized use only/VeriSign Trust Network # Subject: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority - G2/(c) 1998 VeriSign, Inc. - For authorized use only/VeriSign Trust Network # Label: "Verisign Class 3 Public Primary Certification Authority - G2" @@ -1800,28 +1778,6 @@ FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== -----END CERTIFICATE----- -# Issuer: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority -# Subject: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority -# Label: "Verisign Class 3 Public Primary Certification Authority" -# Serial: 80507572722862485515306429940691309246 -# MD5 Fingerprint: ef:5a:f1:33:ef:f1:cd:bb:51:02:ee:12:14:4b:96:c4 -# SHA1 Fingerprint: a1:db:63:93:91:6f:17:e4:18:55:09:40:04:15:c7:02:40:b0:ae:6b -# SHA256 Fingerprint: a4:b6:b3:99:6f:c2:f3:06:b3:fd:86:81:bd:63:41:3d:8c:50:09:cc:4f:a3:29:c2:cc:f0:e2:fa:1b:14:03:05 ------BEGIN CERTIFICATE----- -MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG -A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz -cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 -MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV -BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt -YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN -ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE -BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is -I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G -CSqGSIb3DQEBBQUAA4GBABByUqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i -2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ -2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ ------END CERTIFICATE----- - # Issuer: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R3 # Subject: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R3 # Label: "GlobalSign Root CA - R3" @@ -2181,3 +2137,31 @@ hdVddLHRDiBYmxOlsGOm7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulr so8uBtjRkcfGEvRM/TAXw8HaOFvjqermobp573PYtlNXLfbQ4ddI -----END CERTIFICATE----- + +# Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3 +# Subject: O=Digital Signature Trust Co., CN=DST Root CA X3 +# Label: "IdenTrust DST Root CA X3" +# Serial: 44AFB080D6A327BA893039862EF8406B +# MD5 Fingerprint: 41:03:52:DC:0F:F7:50:1B:16:F0:02:8E:BA:6F:45:C5 +# SHA1 Fingerprint: DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13 +# SHA256 Fingerprint: 06:87:26:03:31:A7:24:03:D9:09:F1:05:E6:9B:CF:0D:32:E1:BD:24:93:FF:C6:D9:20:6D:11:BC:D6:77:07:39 +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow +PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD +Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O +rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq +OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b +xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw +7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD +aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG +SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 +ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr +AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz +R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 +JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo +Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/python2/httplib2/socks.py new/httplib2-0.10.3/python2/httplib2/socks.py --- old/httplib2-0.9.2/python2/httplib2/socks.py 2015-09-28 15:55:45.000000000 +0200 +++ new/httplib2-0.10.3/python2/httplib2/socks.py 2017-01-04 21:55:09.000000000 +0100 @@ -177,7 +177,7 @@ auth = self.__proxy[4] + ":" + self.__proxy[5] return "Proxy-Authorization: Basic " + base64.b64encode(auth) - def setproxy(self, proxytype=None, addr=None, port=None, rdns=True, username=None, password=None): + def setproxy(self, proxytype=None, addr=None, port=None, rdns=True, username=None, password=None, headers=None): """setproxy(proxytype, addr[, port[, rdns[, username[, password]]]]) Sets the proxy to be used. proxytype - The type of the proxy to be used. Three types @@ -193,8 +193,9 @@ The default is no authentication. password - Password to authenticate with to the server. Only relevant when username is also provided. + headers - Additional or modified headers for the proxy connect request. """ - self.__proxy = (proxytype, addr, port, rdns, username, password) + self.__proxy = (proxytype, addr, port, rdns, username, password, headers) def __negotiatesocks5(self, destaddr, destport): """__negotiatesocks5(self,destaddr,destport) @@ -365,8 +366,17 @@ else: addr = destaddr headers = ["CONNECT ", addr, ":", str(destport), " HTTP/1.1\r\n"] - headers += ["Host: ", destaddr, "\r\n"] - if (self.__proxy[4] != None and self.__proxy[5] != None): + wrote_host_header = False + wrote_auth_header = False + if self.__proxy[6] != None: + for key, val in self.__proxy[6].iteritems(): + headers += [key, ": ", val, "\r\n"] + wrote_host_header = (key.lower() == "host") + wrote_auth_header = (key.lower() == "proxy-authorization") + if not wrote_host_header: + headers += ["Host: ", destaddr, "\r\n"] + if not wrote_auth_header: + if (self.__proxy[4] != None and self.__proxy[5] != None): headers += [self.__getauthheader(), "\r\n"] headers.append("\r\n") self.sendall("".join(headers).encode()) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/python2/httplib2/test/miniserver.py new/httplib2-0.10.3/python2/httplib2/test/miniserver.py --- old/httplib2-0.9.2/python2/httplib2/test/miniserver.py 2015-09-28 15:55:45.000000000 +0200 +++ new/httplib2-0.10.3/python2/httplib2/test/miniserver.py 2017-01-05 01:54:47.000000000 +0100 @@ -2,6 +2,7 @@ import os import select import SimpleHTTPServer +import socket import SocketServer import threading @@ -27,11 +28,23 @@ BaseServer supports the shutdown method directly. """ - def __init__(self, *args, **kwargs): + def __init__(self, use_tls, *args, **kwargs): + self.__use_tls = use_tls SocketServer.TCPServer.__init__(self, *args, **kwargs) self.__is_shut_down = threading.Event() self.__serving = False + def server_bind(self): + SocketServer.TCPServer.server_bind(self) + if self.__use_tls: + import ssl + self.socket = ssl.wrap_socket(self.socket, + os.path.join(os.path.dirname(__file__), 'server.key'), + os.path.join(os.path.dirname(__file__), 'server.pem'), + True + ) + + def serve_forever(self, poll_interval=0.1): """Handle one request at a time until shutdown. @@ -93,8 +106,8 @@ self.close_request(request) -def start_server(handler): - httpd = ShutdownServer(("", 0), handler) +def start_server(handler, use_tls=False): + httpd = ShutdownServer(use_tls, ("", 0), handler) threading.Thread(target=httpd.serve_forever).start() _, port = httpd.socket.getsockname() return httpd, port diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/python2/httplib2/test/other_cacerts.txt new/httplib2-0.10.3/python2/httplib2/test/other_cacerts.txt --- old/httplib2-0.9.2/python2/httplib2/test/other_cacerts.txt 2015-09-28 15:55:45.000000000 +0200 +++ new/httplib2-0.10.3/python2/httplib2/test/other_cacerts.txt 2017-01-04 21:55:09.000000000 +0100 @@ -1,70 +1,19 @@ -# Certifcate Authority certificates for validating SSL connections. -# -# This file contains PEM format certificates generated from -# http://mxr.mozilla.org/seamonkey/source/security/nss/lib/ckfw/builtins/certdata.txt -# -# ***** BEGIN LICENSE BLOCK ***** -# Version: MPL 1.1/GPL 2.0/LGPL 2.1 -# -# The contents of this file are subject to the Mozilla Public License Version -# 1.1 (the "License"); you may not use this file except in compliance with -# the License. You may obtain a copy of the License at -# http://www.mozilla.org/MPL/ -# -# Software distributed under the License is distributed on an "AS IS" basis, -# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License -# for the specific language governing rights and limitations under the -# License. -# -# The Original Code is the Netscape security libraries. -# -# The Initial Developer of the Original Code is -# Netscape Communications Corporation. -# Portions created by the Initial Developer are Copyright (C) 1994-2000 -# the Initial Developer. All Rights Reserved. -# -# Contributor(s): -# -# Alternatively, the contents of this file may be used under the terms of -# either the GNU General Public License Version 2 or later (the "GPL"), or -# the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), -# in which case the provisions of the GPL or the LGPL are applicable instead -# of those above. If you wish to allow use of your version of this file only -# under the terms of either the GPL or the LGPL, and not to allow others to -# use your version of this file under the terms of the MPL, indicate your -# decision by deleting the provisions above and replace them with the notice -# and other provisions required by the GPL or the LGPL. If you do not delete -# the provisions above, a recipient may use your version of this file under -# the terms of any one of the MPL, the GPL or the LGPL. -# -# ***** END LICENSE BLOCK ***** - - -Comodo CA Limited, CN=Trusted Certificate Services -================================================== - -----BEGIN CERTIFICATE----- -MIIEQzCCAyugAwIBAgIBATANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJHQjEb -MBkGA1UECAwSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRow -GAYDVQQKDBFDb21vZG8gQ0EgTGltaXRlZDElMCMGA1UEAwwcVHJ1c3RlZCBDZXJ0 -aWZpY2F0ZSBTZXJ2aWNlczAeFw0wNDAxMDEwMDAwMDBaFw0yODEyMzEyMzU5NTla -MH8xCzAJBgNVBAYTAkdCMRswGQYDVQQIDBJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO -BgNVBAcMB1NhbGZvcmQxGjAYBgNVBAoMEUNvbW9kbyBDQSBMaW1pdGVkMSUwIwYD -VQQDDBxUcnVzdGVkIENlcnRpZmljYXRlIFNlcnZpY2VzMIIBIjANBgkqhkiG9w0B -AQEFAAOCAQ8AMIIBCgKCAQEA33FvNlhTWvI2VFeAxHQIIO0Yfyod5jWaHiWsnOWW -fnJSoBVC21ndZHoa0Lh73TkVvFVIxO06AOoxEbrycXQaZ7jPM8yoMa+j49d/vzMt -TGo87IvDktJTdyR0nAducPy9C1t2ul/y/9c3S0pgePfw+spwtOpZqqPOSC+pw7IL -fhdyFgymBwwbOM/JYrc/oJOlh0Hyt3BAd9i+FHzjqMB6juljatEPmsbS9Is6FARW -1O24zG71++IsWL1/T2sr92AkWCTOJu80kTrV44HQsvAEAtdbtz6SrGsSivnkBbA7 -kUlcsutT6vifR4buv5XAwAaf0lteERv0xwQ1KdJVXOTt6wIDAQABo4HJMIHGMB0G -A1UdDgQWBBTFe1i97doladL3WRaoszLAeydb9DAOBgNVHQ8BAf8EBAMCAQYwDwYD -VR0TAQH/BAUwAwEB/zCBgwYDVR0fBHwwejA8oDqgOIY2aHR0cDovL2NybC5jb21v -ZG9jYS5jb20vVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMuY3JsMDqgOKA2hjRo -dHRwOi8vY3JsLmNvbW9kby5uZXQvVHJ1c3RlZENlcnRpZmljYXRlU2VydmljZXMu -Y3JsMA0GCSqGSIb3DQEBBQUAA4IBAQDIk4E7ibSvuIQSTI3S8NtwuleGFTQQuS9/ -HrCoiWChisJ3DFBKmwCL2Iv0QeLQg4pKHBQGsKNoBXAxMKdTmw7pSqBYaWcOrp32 -pSxBvzwGa+RZzG0Q8ZZvH9/0BAKkn0U+yNj6NkZEUD+Cl5EfKNsYEYwq5GWDVxIS -jBc/lDb+XbDABHcTuPQV1T84zJQ6VdCsmPW6AF/ghhmBeC8owH7TzEIK9a5QoNE+ -xqFx7D+gIIxmOom0jtTYsU0lR+4viMi14QVFwL4Ucd56/Y57fU0IlqUSc/Atyjcn -dBInTMu2l+nZrghtWjlA3QVHdWpaIbOjGM9O9y5Xt5hwXsjEeLBi +MIIDBzCCAe+gAwIBAgIJAIw94zvO7fk1MA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV +BAMMD3d3dy5leGFtcGxlLmNvbTAeFw0xNjA2MDQwMjMxMTRaFw0yNjA2MDIwMjMx +MTRaMBoxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBAK3YNcDIwK/wlTa0/iBARvDFOncQ6Jkk+Ymql1HXny7v +mWPFWeLXEW+Zw1NrQEx/SIUGvxpRA+QyhTOhu2Gcwvtqilix/dHgaKgqWEcRYu8m +L70uVDPVgB/kfNI8bpXM1Mz8Crjo0tHw5oUSD3wny8SyT6CYlXVmF923L8c2zdN9 +n9blFgYwxBq2+q+mqOiDErMFbwHES8FNBSWGBXdE1xjBdITtlfeHezmJhj/ylPW1 +7v8HInsv/WqU9DcJYlFxSnK0SZCLFBM/31Ez8O1gCfMlDUFvJoo59GyFqukUjuO1 +uB85wpu27gtcLm/J9X1Md71IxbDupV7a0dDoTvbhO4kCAwEAAaNQME4wHQYDVR0O +BBYEFIHgAmwppZSKLz2peyFSO2kwVobNMB8GA1UdIwQYMBaAFIHgAmwppZSKLz2p +eyFSO2kwVobNMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAJxz+AU/ +Iq8fMEStJ0BgPP1N86W9Jpb7aPMFCYTEZ+nd8hFPhPs4//55J0yIve+1I43MNFFz +yflwwCzrIIhZdkvbsyea6CmlTo4jBc4+ihaDGobYnoNzFhavC47n5kYqJ8Ikyb2W +OMrmNRiaTeSBl0wQmftnnQCbonenjmE1LDuJtE6bCwfFjfLbMxwdWtp/ymOlXsb5 +80XcWwcqc12UHWexYwHFzEJmDfncak/8tjHBsLWMJg5p2sVTY9kVt7TYgSIl+mFb +4WVGrqZd2uTlJkRQQ4pCl+D+PKwadHuV6YI7oxkeajjcHCgbK/ANwW28MXYho6t6 +aWVIN4bWHrZ38kE= -----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/python2/httplib2/test/test_ssl_context.py new/httplib2-0.10.3/python2/httplib2/test/test_ssl_context.py --- old/httplib2-0.9.2/python2/httplib2/test/test_ssl_context.py 1970-01-01 01:00:00.000000000 +0100 +++ new/httplib2-0.10.3/python2/httplib2/test/test_ssl_context.py 2017-02-03 20:27:41.000000000 +0100 @@ -0,0 +1,85 @@ +#!/usr/bin/env python2 +import BaseHTTPServer +import logging +import os.path +import ssl +import sys +import unittest + +import httplib2 +from httplib2.test import miniserver + + +logger = logging.getLogger(__name__) + + +class KeepAliveHandler(BaseHTTPServer.BaseHTTPRequestHandler): + """ + Request handler that keeps the HTTP connection open, so that the test can + inspect the resulting SSL connection object + """ + def do_GET(self): + self.send_response(200) + self.send_header("Content-Length", "0") + self.send_header("Connection", "keep-alive") + self.end_headers() + + self.close_connection = 0 + + def log_message(self, s, *args): + # output via logging so nose can catch it + logger.info(s, *args) + + +class HttpsContextTest(unittest.TestCase): + def setUp(self): + if sys.version_info < (2, 7, 9): + if hasattr(self, "skipTest"): + self.skipTest("SSLContext requires Python 2.7.9") + else: + return + + self.ca_certs_path = os.path.join(os.path.dirname(__file__), 'server.pem') + self.httpd, self.port = miniserver.start_server(KeepAliveHandler, True) + + def tearDown(self): + self.httpd.shutdown() + + def testHttpsContext(self): + client = httplib2.Http(ca_certs=self.ca_certs_path) + + # Establish connection to local server + client.request('https://localhost:%d/' % (self.port)) + + # Verify that connection uses a TLS context with the correct hostname + conn = client.connections['https:localhost:%d' % self.port] + + self.assertIsInstance(conn.sock, ssl.SSLSocket) + self.assertTrue(hasattr(conn.sock, 'context')) + self.assertIsInstance(conn.sock.context, ssl.SSLContext) + self.assertTrue(conn.sock.context.check_hostname) + self.assertEqual(conn.sock.server_hostname, 'localhost') + self.assertEqual(conn.sock.context.verify_mode, ssl.CERT_REQUIRED) + self.assertEqual(conn.sock.context.protocol, ssl.PROTOCOL_SSLv23) + + def test_ssl_hostname_mismatch_repeat(self): + # https://github.com/httplib2/httplib2/issues/5 + + # FIXME(temoto): as of 2017-01-05 this is only a reference code, not useful test. + # Because it doesn't provoke described error on my machine. + # Instead `SSLContext.wrap_socket` raises `ssl.CertificateError` + # which was also added to original patch. + + # url host is intentionally different, we provoke ssl hostname mismatch error + url = 'https://127.0.0.1:%d/' % (self.port,) + http = httplib2.Http(ca_certs=self.ca_certs_path, proxy_info=None) + + def once(): + try: + http.request(url) + assert False, 'expected certificate hostname mismatch error' + except Exception as e: + print('%s errno=%s' % (repr(e), getattr(e, 'errno', None))) + + once() + once() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/python2/httplib2.egg-info/PKG-INFO new/httplib2-0.10.3/python2/httplib2.egg-info/PKG-INFO --- old/httplib2-0.9.2/python2/httplib2.egg-info/PKG-INFO 2015-09-28 15:55:45.000000000 +0200 +++ new/httplib2-0.10.3/python2/httplib2.egg-info/PKG-INFO 1970-01-01 01:00:00.000000000 +0100 @@ -1,63 +0,0 @@ -Metadata-Version: 1.1 -Name: httplib2 -Version: 0.9.2 -Summary: A comprehensive HTTP client library. -Home-page: https://github.com/jcgregorio/httplib2 -Author: Joe Gregorio -Author-email: [email protected] -License: MIT -Description: - - A comprehensive HTTP client library, ``httplib2`` supports many features left out of other HTTP libraries. - - **HTTP and HTTPS** - HTTPS support is only available if the socket module was compiled with SSL support. - - - **Keep-Alive** - Supports HTTP 1.1 Keep-Alive, keeping the socket open and performing multiple requests over the same connection if possible. - - - **Authentication** - The following three types of HTTP Authentication are supported. These can be used over both HTTP and HTTPS. - - * Digest - * Basic - * WSSE - - **Caching** - The module can optionally operate with a private cache that understands the Cache-Control: - header and uses both the ETag and Last-Modified cache validators. Both file system - and memcached based caches are supported. - - - **All Methods** - The module can handle any HTTP request method, not just GET and POST. - - - **Redirects** - Automatically follows 3XX redirects on GETs. - - - **Compression** - Handles both 'deflate' and 'gzip' types of compression. - - - **Lost update support** - Automatically adds back ETags into PUT requests to resources we have already cached. This implements Section 3.2 of Detecting the Lost Update Problem Using Unreserved Checkout - - - **Unit Tested** - A large and growing set of unit tests. - - -Platform: UNKNOWN -Classifier: Development Status :: 4 - Beta -Classifier: Environment :: Web Environment -Classifier: Intended Audience :: Developers -Classifier: License :: OSI Approved :: MIT License -Classifier: Operating System :: OS Independent -Classifier: Programming Language :: Python -Classifier: Programming Language :: Python :: 3 -Classifier: Topic :: Internet :: WWW/HTTP -Classifier: Topic :: Software Development :: Libraries diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/python2/httplib2.egg-info/SOURCES.txt new/httplib2-0.10.3/python2/httplib2.egg-info/SOURCES.txt --- old/httplib2-0.9.2/python2/httplib2.egg-info/SOURCES.txt 2015-09-28 15:55:45.000000000 +0200 +++ new/httplib2-0.10.3/python2/httplib2.egg-info/SOURCES.txt 2017-02-06 17:22:37.000000000 +0100 @@ -2,6 +2,7 @@ setup.py python2/httplib2test.py python2/httplib2test_appengine.py +python2/ssl_protocol_test.py python2/httplib2/__init__.py python2/httplib2/cacerts.txt python2/httplib2/iri2uri.py @@ -15,10 +16,14 @@ python2/httplib2/test/other_cacerts.txt python2/httplib2/test/smoke_test.py python2/httplib2/test/test_no_socket.py +python2/httplib2/test/test_ssl_context.py python2/httplib2/test/brokensocket/socket.py python2/httplib2/test/functional/test_proxies.py python3/httplib2test.py python3/httplib2/__init__.py python3/httplib2/cacerts.txt python3/httplib2/iri2uri.py +python3/httplib2.egg-info/SOURCES.txt +python3/httplib2.egg-info/dependency_links.txt +python3/httplib2.egg-info/top_level.txt python3/httplib2/test/other_cacerts.txt \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/python2/httplib2test.py new/httplib2-0.10.3/python2/httplib2test.py --- old/httplib2-0.9.2/python2/httplib2test.py 2015-09-28 15:55:45.000000000 +0200 +++ new/httplib2-0.10.3/python2/httplib2test.py 2017-01-05 02:31:43.000000000 +0100 @@ -511,25 +511,6 @@ self.assertEqual(200, response.status) self.assertNotEqual(None, response.previous) - def testSslCertValidation(self): - if sys.version_info >= (2, 6): - # Test that we get an ssl.SSLError when specifying a non-existent CA - # certs file. - http = httplib2.Http(ca_certs='/nosuchfile') - self.assertRaises(ssl.SSLError, - http.request, "https://www.google.com/";, "GET") - - # Test that we get a SSLHandshakeError if we try to access - # https;//www.google.com, using a CA cert file that doesn't contain - # the CA Gogole uses (i.e., simulating a cert that's not signed by a - # trusted CA). - other_ca_certs = os.path.join( - os.path.dirname(os.path.abspath(httplib2.__file__ )), - "test", "other_cacerts.txt") - http = httplib2.Http(ca_certs=other_ca_certs) - self.assertRaises(httplib2.SSLHandshakeError, - http.request, "https://www.google.com/";, "GET") - def testSslCertValidationDoubleDots(self): pass # No longer a valid test. @@ -1713,6 +1694,10 @@ for host in ('localhost', '169.254.38.192', 'www.google.com'): self.assertFalse(pi.applies_to(host)) + def test_proxy_headers(self): + headers = {'key0': 'val0', 'key1': 'val1'} + pi = httplib2.ProxyInfo(httplib2.socks.PROXY_TYPE_HTTP, 'localhost', 1234, proxy_headers = headers) + self.assertEquals(pi.proxy_headers, headers) if __name__ == '__main__': unittest.main() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/python2/httplib2test_appengine.py new/httplib2-0.10.3/python2/httplib2test_appengine.py --- old/httplib2-0.9.2/python2/httplib2test_appengine.py 2015-09-28 15:55:45.000000000 +0200 +++ new/httplib2-0.10.3/python2/httplib2test_appengine.py 2017-01-04 21:55:09.000000000 +0100 @@ -1,22 +1,11 @@ -""" -httplib2test_appengine - -A set of unit tests for httplib2.py on Google App Engine - -""" - -__author__ = "Joe Gregorio ([email protected])" -__copyright__ = "Copyright 2011, Joe Gregorio" +"""Tests for httplib2 on Google App Engine.""" +import mock import os import sys import unittest -# The test resources base uri -base = 'http://bitworking.org/projects/httplib2/test/' -#base = 'http://localhost/projects/httplib2/test/' -cacheDirName = ".cache" -APP_ENGINE_PATH='../../google_appengine' +APP_ENGINE_PATH='/usr/local/google_appengine' sys.path.insert(0, APP_ENGINE_PATH) @@ -24,71 +13,66 @@ dev_appserver.fix_sys_path() from google.appengine.ext import testbed -testbed = testbed.Testbed() -testbed.activate() -testbed.init_urlfetch_stub() -import google.appengine.api +# Ensure that we are not loading the httplib2 version included in the Google +# App Engine SDK. +sys.path.insert(0, os.path.dirname(os.path.realpath(__file__))) -import httplib2 -class AppEngineHttpTest(unittest.TestCase): - def setUp(self): - if os.path.exists(cacheDirName): - [os.remove(os.path.join(cacheDirName, file)) for file in os.listdir(cacheDirName)] - - def test(self): - h = httplib2.Http() - response, content = h.request("http://bitworking.org";) - self.assertEqual(httplib2.SCHEME_TO_CONNECTION['https'], - httplib2.AppEngineHttpsConnection) - self.assertEquals(1, len(h.connections)) - self.assertEquals(response.status, 200) - self.assertEquals(response['status'], '200') - - # It would be great to run the test below, but it really tests the - # aberrant behavior of httplib on App Engine, but that special aberrant - # httplib only appears when actually running on App Engine and not when - # running via the SDK. When running via the SDK the httplib in std lib is - # loaded, which throws a different error when a timeout occurs. - # - #def test_timeout(self): - # # The script waits 3 seconds, so a timeout of more than that should succeed. - # h = httplib2.Http(timeout=7) - # r, c = h.request('http://bitworking.org/projects/httplib2/test/timeout/timeout.cgi') - # - # import httplib - # print httplib.__file__ - # h = httplib2.Http(timeout=1) - # try: - # r, c = h.request('http://bitworking.org/projects/httplib2/test/timeout/timeout.cgi') - # self.fail('Timeout should have raised an exception.') - # except DeadlineExceededError: - # pass - - def test_proxy_info_ignored(self): - h = httplib2.Http(proxy_info='foo.txt') - response, content = h.request("http://bitworking.org";) - self.assertEquals(response.status, 200) +class AberrationsTest(unittest.TestCase): + def setUp(self): + self.testbed = testbed.Testbed() + self.testbed.activate() + self.testbed.init_urlfetch_stub() + + def tearDown(self): + self.testbed.deactivate() + + @mock.patch.dict('os.environ', {'SERVER_SOFTWARE': ''}) + def testConnectionInit(self): + global httplib2 + import httplib2 + self.assertNotEqual( + httplib2.SCHEME_TO_CONNECTION['https'], httplib2.AppEngineHttpsConnection) + self.assertNotEqual( + httplib2.SCHEME_TO_CONNECTION['http'], httplib2.AppEngineHttpConnection) + del globals()['httplib2'] -class AberrationsTest(unittest.TestCase): - def setUp(self): - self.orig_apiproxy_stub_map = google.appengine.api.apiproxy_stub_map - # Force apiproxy_stub_map to None to trigger the test condition. - google.appengine.api.apiproxy_stub_map = None - reload(httplib2) - - def tearDown(self): - google.appengine.api.apiproxy_stub_map = self.orig_apiproxy_stub_map - reload(httplib2) - - def test(self): - self.assertNotEqual(httplib2.SCHEME_TO_CONNECTION['https'], - httplib2.AppEngineHttpsConnection) - self.assertNotEqual(httplib2.SCHEME_TO_CONNECTION['http'], - httplib2.AppEngineHttpConnection) +class AppEngineHttpTest(unittest.TestCase): + + def setUp(self): + self.testbed = testbed.Testbed() + self.testbed.activate() + self.testbed.init_urlfetch_stub() + global httplib2 + import httplib2 + reload(httplib2) + + def tearDown(self): + self.testbed.deactivate() + del globals()['httplib2'] + + def testConnectionInit(self): + self.assertEqual( + httplib2.SCHEME_TO_CONNECTION['https'], httplib2.AppEngineHttpsConnection) + self.assertEqual( + httplib2.SCHEME_TO_CONNECTION['http'], httplib2.AppEngineHttpConnection) + + def testGet(self): + http = httplib2.Http() + response, content = http.request("http://www.google.com";) + self.assertEqual(httplib2.SCHEME_TO_CONNECTION['https'], + httplib2.AppEngineHttpsConnection) + self.assertEquals(1, len(http.connections)) + self.assertEquals(response.status, 200) + self.assertEquals(response['status'], '200') + + def testProxyInfoIgnored(self): + http = httplib2.Http(proxy_info=mock.MagicMock()) + response, content = http.request("http://www.google.com";) + self.assertEquals(response.status, 200) if __name__ == '__main__': diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/python2/ssl_protocol_test.py new/httplib2-0.10.3/python2/ssl_protocol_test.py --- old/httplib2-0.9.2/python2/ssl_protocol_test.py 1970-01-01 01:00:00.000000000 +0100 +++ new/httplib2-0.10.3/python2/ssl_protocol_test.py 2017-01-04 21:55:09.000000000 +0100 @@ -0,0 +1,57 @@ +"""Tests for SSL handling in httplib2.""" + +import httplib2 +import os +import ssl +import sys +import unittest + + +class TestSslProtocol(unittest.TestCase): + + def testSslCertValidationWithInvalidCaCert(self): + if sys.version_info >= (2, 6): + http = httplib2.Http(ca_certs='/nosuchfile') + if sys.version_info >= (2, 7): + with self.assertRaises(IOError): + http.request('https://www.google.com/', 'GET') + else: + self.assertRaises( + ssl.SSLError, http.request, 'https://www.google.com/', 'GET') + + def testSslCertValidationWithSelfSignedCaCert(self): + if sys.version_info >= (2, 7): + other_ca_certs = os.path.join( + os.path.dirname(os.path.abspath(httplib2.__file__ )), 'test', + 'other_cacerts.txt') + http = httplib2.Http(ca_certs=other_ca_certs) + if sys.platform != 'darwin': + with self.assertRaises(httplib2.SSLHandshakeError): + http.request('https://www.google.com/', 'GET') + + def testSslProtocolTlsV1AndShouldPass(self): + http = httplib2.Http(ssl_version=ssl.PROTOCOL_TLSv1) + urls = ['https://www.amazon.com', + 'https://www.apple.com', + 'https://www.twitter.com'] + for url in urls: + if sys.version_info >= (2, 7): + self.assertIsNotNone(http.request(uri=url)) + + def testSslProtocolV3AndShouldFailDueToPoodle(self): + http = httplib2.Http(ssl_version=ssl.PROTOCOL_SSLv3) + urls = ['https://www.amazon.com', + 'https://www.apple.com', + 'https://www.twitter.com'] + for url in urls: + if sys.version_info >= (2, 7): + with self.assertRaises(httplib2.SSLHandshakeError): + http.request(url) + try: + http.request(url) + except httplib2.SSLHandshakeError as e: + self.assertTrue('sslv3 alert handshake failure' in str(e)) + + +if __name__ == '__main__': + unittest.main() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/python3/httplib2/__init__.py new/httplib2-0.10.3/python3/httplib2/__init__.py --- old/httplib2-0.9.2/python3/httplib2/__init__.py 2015-09-28 15:55:45.000000000 +0200 +++ new/httplib2-0.10.3/python3/httplib2/__init__.py 2017-02-06 18:53:46.000000000 +0100 @@ -24,7 +24,7 @@ "Louis Nyffenegger", "Mark Pilgrim"] __license__ = "MIT" -__version__ = "0.9.2" +__version__ = "0.10.3" import re import sys @@ -198,7 +198,7 @@ if not isinstance(s, str): return str(s, 'utf-8') return s - + def _parse_cache_control(headers): retval = {} if 'cache-control' in headers: @@ -719,7 +719,7 @@ class ProxyInfo(object): """Collect information required to use a proxy.""" - def __init__(self, proxy_type, proxy_host, proxy_port, proxy_rdns=True, proxy_user=None, proxy_pass=None): + def __init__(self, proxy_type, proxy_host, proxy_port, proxy_rdns=True, proxy_user=None, proxy_pass=None, proxy_headers=None): """ Args: proxy_type: The type of proxy server. This must be set to one of @@ -740,12 +740,14 @@ proxy_user: The username used to authenticate with the proxy server. proxy_pass: The password used to authenticate with the proxy server. + + proxy_headers: Additional or modified headers for the proxy connect request. """ - self.proxy_type, self.proxy_host, self.proxy_port, self.proxy_rdns, self.proxy_user, self.proxy_pass = proxy_type, proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass + self.proxy_type, self.proxy_host, self.proxy_port, self.proxy_rdns, self.proxy_user, self.proxy_pass, self.proxy_headers = proxy_type, proxy_host, proxy_port, proxy_rdns, proxy_user, proxy_pass, proxy_headers def astuple(self): return (self.proxy_type, self.proxy_host, self.proxy_port, self.proxy_rdns, - self.proxy_user, self.proxy_pass) + self.proxy_user, self.proxy_pass, self.proxy_headers) def isgood(self): return socks and (self.proxy_host != None) and (self.proxy_port != None) @@ -798,6 +800,7 @@ proxy_port = port, proxy_user = username or None, proxy_pass = password or None, + proxy_headers = None, ) @@ -815,6 +818,7 @@ def __init__(self, host, port=None, timeout=None, proxy_info=None): http.client.HTTPConnection.__init__(self, host, port=port, timeout=timeout) + # TODO: implement proxy_info self.proxy_info = proxy_info @@ -831,15 +835,19 @@ def __init__(self, host, port=None, key_file=None, cert_file=None, timeout=None, proxy_info=None, ca_certs=None, disable_ssl_certificate_validation=False): + # TODO: implement proxy_info self.proxy_info = proxy_info context = None if ca_certs is None: ca_certs = CA_CERTS - if (cert_file or ca_certs) and not disable_ssl_certificate_validation: + if (cert_file or ca_certs): if not hasattr(ssl, 'SSLContext'): raise CertificateValidationUnsupportedInPython31() context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) - context.verify_mode = ssl.CERT_REQUIRED + if disable_ssl_certificate_validation: + context.verify_mode = ssl.CERT_NONE + else: + context.verify_mode = ssl.CERT_REQUIRED if cert_file: context.load_cert_chain(cert_file, key_file) if ca_certs: @@ -847,7 +855,7 @@ http.client.HTTPSConnection.__init__( self, host, port=port, key_file=key_file, cert_file=cert_file, timeout=timeout, context=context, - check_hostname=True) + check_hostname=disable_ssl_certificate_validation ^ True) SCHEME_TO_CONNECTION = { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/python3/httplib2/cacerts.txt new/httplib2-0.10.3/python3/httplib2/cacerts.txt --- old/httplib2-0.9.2/python3/httplib2/cacerts.txt 2015-09-28 15:55:45.000000000 +0200 +++ new/httplib2-0.10.3/python3/httplib2/cacerts.txt 2017-01-04 21:55:09.000000000 +0100 @@ -102,28 +102,6 @@ 1voqZiegDfqnc1zqcPGUIWVEX/r87yloqaKHee9570+sB3c4 -----END CERTIFICATE----- -# Issuer: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority -# Subject: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority -# Label: "Verisign Class 3 Public Primary Certification Authority" -# Serial: 149843929435818692848040365716851702463 -# MD5 Fingerprint: 10:fc:63:5d:f6:26:3e:0d:f3:25:be:5f:79:cd:67:67 -# SHA1 Fingerprint: 74:2c:31:92:e6:07:e4:24:eb:45:49:54:2b:e1:bb:c5:3e:61:74:e2 -# SHA256 Fingerprint: e7:68:56:34:ef:ac:f6:9a:ce:93:9a:6b:25:5b:7b:4f:ab:ef:42:93:5b:50:a2:65:ac:b5:cb:60:27:e4:4e:70 ------BEGIN CERTIFICATE----- -MIICPDCCAaUCEHC65B0Q2Sk0tjjKewPMur8wDQYJKoZIhvcNAQECBQAwXzELMAkG -A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz -cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 -MDEyOTAwMDAwMFoXDTI4MDgwMTIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV -BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt -YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN -ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE -BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is -I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G -CSqGSIb3DQEBAgUAA4GBALtMEivPLCYATxQT3ab7/AoRhIzzKBxnki98tsX63/Do -lbwdj2wsqFHMc9ikwFPwTtYmwHYBV4GSXiHx0bH/59AhWM1pF+NEHJwZRDmJXNyc -AA9WjQKZ7aKQRUzkuxCkPfAyAw7xzvjoyVGM5mKf5p/AfbdynMk2OmufTqj/ZA1k ------END CERTIFICATE----- - # Issuer: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority - G2/(c) 1998 VeriSign, Inc. - For authorized use only/VeriSign Trust Network # Subject: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority - G2/(c) 1998 VeriSign, Inc. - For authorized use only/VeriSign Trust Network # Label: "Verisign Class 3 Public Primary Certification Authority - G2" @@ -1800,28 +1778,6 @@ FRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA== -----END CERTIFICATE----- -# Issuer: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority -# Subject: O=VeriSign, Inc. OU=Class 3 Public Primary Certification Authority -# Label: "Verisign Class 3 Public Primary Certification Authority" -# Serial: 80507572722862485515306429940691309246 -# MD5 Fingerprint: ef:5a:f1:33:ef:f1:cd:bb:51:02:ee:12:14:4b:96:c4 -# SHA1 Fingerprint: a1:db:63:93:91:6f:17:e4:18:55:09:40:04:15:c7:02:40:b0:ae:6b -# SHA256 Fingerprint: a4:b6:b3:99:6f:c2:f3:06:b3:fd:86:81:bd:63:41:3d:8c:50:09:cc:4f:a3:29:c2:cc:f0:e2:fa:1b:14:03:05 ------BEGIN CERTIFICATE----- -MIICPDCCAaUCEDyRMcsf9tAbDpq40ES/Er4wDQYJKoZIhvcNAQEFBQAwXzELMAkG -A1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFz -cyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2 -MDEyOTAwMDAwMFoXDTI4MDgwMjIzNTk1OVowXzELMAkGA1UEBhMCVVMxFzAVBgNV -BAoTDlZlcmlTaWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAzIFB1YmxpYyBQcmlt -YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGfMA0GCSqGSIb3DQEBAQUAA4GN -ADCBiQKBgQDJXFme8huKARS0EN8EQNvjV69qRUCPhAwL0TPZ2RHP7gJYHyX3KqhE -BarsAx94f56TuZoAqiN91qyFomNFx3InzPRMxnVx0jnvT0Lwdd8KkMaOIG+YD/is -I19wKTakyYbnsZogy1Olhec9vn2a/iRFM9x2Fe0PonFkTGUugWhFpwIDAQABMA0G -CSqGSIb3DQEBBQUAA4GBABByUqkFFBkyCEHwxWsKzH4PIRnN5GfcX6kb5sroc50i -2JhucwNhkcV8sEVAbkSdjbCxlnRhLQ2pRdKkkirWmnWXbj9T/UWZYB2oK0z5XqcJ -2HUw19JlYD1n1khVdWk/kfVIC0dpImmClr7JyDiGSnoscxlIaU5rfGW/D/xwzoiQ ------END CERTIFICATE----- - # Issuer: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R3 # Subject: CN=GlobalSign O=GlobalSign OU=GlobalSign Root CA - R3 # Label: "GlobalSign Root CA - R3" @@ -2181,3 +2137,31 @@ hdVddLHRDiBYmxOlsGOm7XtH/UVVMKTumtTm4ofvmMkyghEpIrwACjFeLQ/Ajulr so8uBtjRkcfGEvRM/TAXw8HaOFvjqermobp573PYtlNXLfbQ4ddI -----END CERTIFICATE----- + +# Issuer: O=Digital Signature Trust Co., CN=DST Root CA X3 +# Subject: O=Digital Signature Trust Co., CN=DST Root CA X3 +# Label: "IdenTrust DST Root CA X3" +# Serial: 44AFB080D6A327BA893039862EF8406B +# MD5 Fingerprint: 41:03:52:DC:0F:F7:50:1B:16:F0:02:8E:BA:6F:45:C5 +# SHA1 Fingerprint: DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13 +# SHA256 Fingerprint: 06:87:26:03:31:A7:24:03:D9:09:F1:05:E6:9B:CF:0D:32:E1:BD:24:93:FF:C6:D9:20:6D:11:BC:D6:77:07:39 +-----BEGIN CERTIFICATE----- +MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/ +MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT +DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow +PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD +Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O +rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq +OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b +xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw +7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD +aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV +HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG +SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69 +ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr +AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz +R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5 +JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo +Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ +-----END CERTIFICATE----- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/python3/httplib2.egg-info/SOURCES.txt new/httplib2-0.10.3/python3/httplib2.egg-info/SOURCES.txt --- old/httplib2-0.9.2/python3/httplib2.egg-info/SOURCES.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/httplib2-0.10.3/python3/httplib2.egg-info/SOURCES.txt 2017-02-03 22:16:01.000000000 +0100 @@ -0,0 +1,29 @@ +MANIFEST.in +setup.py +python2/httplib2test.py +python2/httplib2test_appengine.py +python2/ssl_protocol_test.py +python2/httplib2/__init__.py +python2/httplib2/cacerts.txt +python2/httplib2/iri2uri.py +python2/httplib2/socks.py +python2/httplib2.egg-info/SOURCES.txt +python2/httplib2.egg-info/dependency_links.txt +python2/httplib2.egg-info/top_level.txt +python2/httplib2/test/__init__.py +python2/httplib2/test/miniserver.py +python2/httplib2/test/other_cacerts.txt +python2/httplib2/test/smoke_test.py +python2/httplib2/test/test_no_socket.py +python2/httplib2/test/test_ssl_context.py +python2/httplib2/test/brokensocket/socket.py +python2/httplib2/test/functional/test_proxies.py +python3/httplib2test.py +python3/httplib2/__init__.py +python3/httplib2/cacerts.txt +python3/httplib2/iri2uri.py +python3/httplib2.egg-info/PKG-INFO +python3/httplib2.egg-info/SOURCES.txt +python3/httplib2.egg-info/dependency_links.txt +python3/httplib2.egg-info/top_level.txt +python3/httplib2/test/other_cacerts.txt \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/python3/httplib2.egg-info/dependency_links.txt new/httplib2-0.10.3/python3/httplib2.egg-info/dependency_links.txt --- old/httplib2-0.9.2/python3/httplib2.egg-info/dependency_links.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/httplib2-0.10.3/python3/httplib2.egg-info/dependency_links.txt 2017-02-03 22:16:01.000000000 +0100 @@ -0,0 +1 @@ + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/python3/httplib2.egg-info/top_level.txt new/httplib2-0.10.3/python3/httplib2.egg-info/top_level.txt --- old/httplib2-0.9.2/python3/httplib2.egg-info/top_level.txt 1970-01-01 01:00:00.000000000 +0100 +++ new/httplib2-0.10.3/python3/httplib2.egg-info/top_level.txt 2017-02-03 22:16:01.000000000 +0100 @@ -0,0 +1 @@ +httplib2 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/python3/httplib2test.py new/httplib2-0.10.3/python3/httplib2test.py --- old/httplib2-0.9.2/python3/httplib2test.py 2015-09-28 15:55:45.000000000 +0200 +++ new/httplib2-0.10.3/python3/httplib2test.py 2017-01-04 21:55:09.000000000 +0100 @@ -1625,6 +1625,10 @@ pi = httplib2.proxy_info_from_environment() self.assertEqual(pi, None) + def test_proxy_headers(self): + headers = {'key0': 'val0', 'key1': 'val1'} + pi = httplib2.ProxyInfo(httplib2.socks.PROXY_TYPE_HTTP, 'localhost', 1234, proxy_headers = headers) + self.assertEqual(pi.proxy_headers, headers) if __name__ == '__main__': unittest.main() diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/setup.cfg new/httplib2-0.10.3/setup.cfg --- old/httplib2-0.9.2/setup.cfg 2015-09-28 15:55:46.000000000 +0200 +++ new/httplib2-0.10.3/setup.cfg 1970-01-01 01:00:00.000000000 +0100 @@ -1,5 +0,0 @@ -[egg_info] -tag_build = -tag_date = 0 -tag_svn_revision = 0 - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/httplib2-0.9.2/setup.py new/httplib2-0.10.3/setup.py --- old/httplib2-0.9.2/setup.py 2015-09-28 15:55:45.000000000 +0200 +++ new/httplib2-0.10.3/setup.py 2017-02-06 18:53:33.000000000 +0100 @@ -5,13 +5,13 @@ import sys pkgdir = {'': 'python%s' % sys.version_info[0]} -VERSION = '0.9.2' +VERSION = '0.10.3' setup(name='httplib2', version=VERSION, author='Joe Gregorio', author_email='[email protected]', - url='https://github.com/jcgregorio/httplib2', + url='https://github.com/httplib2/httplib2', description='A comprehensive HTTP client library.', license='MIT', long_description=""" ++++++ httplib2-use-system-certs.patch ++++++ --- /var/tmp/diff_new_pack.bKIC1f/_old 2017-04-28 10:43:43.912122611 +0200 +++ /var/tmp/diff_new_pack.bKIC1f/_new 2017-04-28 10:43:43.912122611 +0200 @@ -43,18 +43,21 @@ def _get_end2end_headers(response): hopbyhop = list(HOP_BY_HOP) -@@ -833,13 +832,17 @@ class HTTPSConnectionWithTimeout(http.cl - ca_certs=None, disable_ssl_certificate_validation=False): +@@ -838,16 +837,17 @@ + # TODO: implement proxy_info self.proxy_info = proxy_info context = None - if ca_certs is None: - ca_certs = CA_CERTS -- if (cert_file or ca_certs) and not disable_ssl_certificate_validation: -+ if not disable_ssl_certificate_validation: +- if (cert_file or ca_certs): ++ if True: if not hasattr(ssl, 'SSLContext'): raise CertificateValidationUnsupportedInPython31() - context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) -- context.verify_mode = ssl.CERT_REQUIRED +- if disable_ssl_certificate_validation: +- context.verify_mode = ssl.CERT_NONE +- else: +- context.verify_mode = ssl.CERT_REQUIRED + + cafile = ca_certs + capath = None
