From 420420456f6367d051744ddcebcd548d251bbb3e Mon Sep 17 00:00:00 2001
From: Seth Michael Larson <sethmichaellarson@gmail.com>
Date: Wed, 17 Apr 2019 12:46:22 -0500
Subject: [PATCH] urllib3: Release 1.24.2 (#1564)
* Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or ``ssl_context`` parameters are specified.
* Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510)
* Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269)
---
src/pip/_vendor/urllib3/__init__.py | 2 +-
src/pip/_vendor/urllib3/contrib/pyopenssl.py | 3 +++
src/pip/_vendor/urllib3/poolmanager.py | 7 +++++--
src/pip/_vendor/urllib3/util/retry.py | 3 ++-
src/pip/_vendor/urllib3/util/ssl_.py | 5 ++++-
5 files changed, 15 insertions(+), 5 deletions(-)
diff --git a/src/pip/_vendor/urllib3/__init__.py b/src/pip/_vendor/urllib3/__init__.py
index 148a9c3..6191546 100644
--- a/src/pip/_vendor/urllib3/__init__.py
+++ b/src/pip/_vendor/urllib3/__init__.py
@@ -27,7 +27,7 @@ from logging import NullHandler
__author__ = 'Andrey Petrov (andrey.petrov@shazow.net)'
__license__ = 'MIT'
-__version__ = '1.24.1'
+__version__ = '1.24.2'
__all__ = (
'HTTPConnectionPool',
diff --git a/src/pip/_vendor/urllib3/contrib/pyopenssl.py b/src/pip/_vendor/urllib3/contrib/pyopenssl.py
index 363667c..fb05afa 100644
--- a/src/pip/_vendor/urllib3/contrib/pyopenssl.py
+++ b/src/pip/_vendor/urllib3/contrib/pyopenssl.py
@@ -184,6 +184,9 @@ def _dnsname_to_stdlib(name):
except idna.core.IDNAError:
return None
+ if ':' in name:
+ return name
+
name = idna_encode(name)
if name is None:
return None
diff --git a/src/pip/_vendor/urllib3/poolmanager.py b/src/pip/_vendor/urllib3/poolmanager.py
index fe5491c..32bd973 100644
--- a/src/pip/_vendor/urllib3/poolmanager.py
+++ b/src/pip/_vendor/urllib3/poolmanager.py
@@ -7,6 +7,7 @@ from ._collections import RecentlyUsedContainer
from .connectionpool import HTTPConnectionPool, HTTPSConnectionPool
from .connectionpool import port_by_scheme
from .exceptions import LocationValueError, MaxRetryError, ProxySchemeUnknown
+from .packages import six
from .packages.six.moves.urllib.parse import urljoin
from .request import RequestMethods
from .util.url import parse_url
@@ -342,8 +343,10 @@ class PoolManager(RequestMethods):
# conn.is_same_host() which may use socket.gethostbyname() in the future.
if (retries.remove_headers_on_redirect
and not conn.is_same_host(redirect_location)):
- for header in retries.remove_headers_on_redirect:
- kw['headers'].pop(header, None)
+ headers = list(six.iterkeys(kw['headers']))
+ for header in headers:
+ if header.lower() in retries.remove_headers_on_redirect:
+ kw['headers'].pop(header, None)
try:
retries = retries.increment(method, url, response=response, _pool=conn)
diff --git a/src/pip/_vendor/urllib3/util/retry.py b/src/pip/_vendor/urllib3/util/retry.py
index e7d0abd..02429ee 100644
--- a/src/pip/_vendor/urllib3/util/retry.py
+++ b/src/pip/_vendor/urllib3/util/retry.py
@@ -179,7 +179,8 @@ class Retry(object):
self.raise_on_status = raise_on_status
self.history = history or tuple()
self.respect_retry_after_header = respect_retry_after_header
- self.remove_headers_on_redirect = remove_headers_on_redirect
+ self.remove_headers_on_redirect = frozenset([
+ h.lower() for h in remove_headers_on_redirect])
def new(self, **kw):
params = dict(
diff --git a/src/pip/_vendor/urllib3/util/ssl_.py b/src/pip/_vendor/urllib3/util/ssl_.py
index dfc553f..d96e893 100644
--- a/src/pip/_vendor/urllib3/util/ssl_.py
+++ b/src/pip/_vendor/urllib3/util/ssl_.py
@@ -327,7 +327,10 @@ def ssl_wrap_socket(sock, keyfile=None, certfile=None, cert_reqs=None,
if e.errno == errno.ENOENT:
raise SSLError(e)
raise
- elif getattr(context, 'load_default_certs', None) is not None:
+
+ # Don't load system certs unless there were no CA certs or
+ # SSLContext object specified manually.
+ elif ssl_context is None and hasattr(context, 'load_default_certs'):
# try to load OS default certs; works well on Windows (require Python3.4+)
context.load_default_certs()
--
2.24.1