** Changed in: requests (Ubuntu Noble)
Assignee: Mauricio Faria de Oliveira (mfo) => Ioanna Alifieraki (joalif)
** Changed in: requests (Ubuntu Jammy)
Assignee: Mauricio Faria de Oliveira (mfo) => Ioanna Alifieraki (joalif)
--
You received this bug notification because you are a member
** Description changed:
- WIP.
+ [Impact]
+
+ * The HTTPS certificate verification in Python Requests
+may be *incorrectly* ignored if an existing connection
+to the same host previously did *not* use verification.
+
+ [Test Plan]
+
+ * Create session to perform _first_ a request
Note: test packages used above are available in ppa:mfo/lp2091732-lp2091733,
but are still missing patches to address reports of functional regressions
in the upstream project, related to the change for bug 2091733 (not this one),
(6667/6767 [2,3]), although this has not yet been applied for some m
$ cat ./test-https-verify.py
#!/usr/bin/python3
import requests
def test_https_verify(session, verify):
"""
Try an HTTPS request to a server with a bad SSL certificate.
If certificate verification is enabled, this _should_ fail.
The bug is, an existing connection (in the connectio
Noble:
---
Before (one BAD):
$ dpkg -s python3-requests | grep -e Package: -e Version:
Package: python3-requests
Version: 2.31.0+dfsg-1ubuntu1
$ ./test-https-verify.py
Test 1A - verification enabled
Should Fail (GOOD)
Test 1B - verification disabled
/usr/lib/python3/dist-packages/urllib3/connec
Jammy:
---
Before (one BAD):
$ dpkg -s python3-requests python3-urllib3 | grep -e Package: -e Version:
Package: python3-requests
Version: 2.25.1+dfsg-2ubuntu0.1
Package: python3-urllib3
Version: 1.26.5-1~exp1ubuntu0.2
$ ./test-https-verify.py
Test 1A - verification enabled
Should Fail (GOOD)
Te
