-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix SNI support with tls_use_host_header
#15384
Conversation
Codecov Report
Flags with carried forward coverage won't be shown. Click here to find out more. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
n00b question: where and how is this used? How are we testing this fix?
This is essentially like ssl_server_name used by sock.connect but for the RequestsWrapper. Used on endpoints that require SNI. To test, we need something like below config to report
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the explanation. I'm still a bit unclear why we have to vendor this class instead of upgrading the dependency.
License
According to this we can't have Apache v2 licensed code inside our BSD3-licensed codebase. I'm double-checking this though.
Tests
If we really want to include this in our code, I think we need a test.
The docstring for the class suggests a test case:
- Make a request to an IP address with the domain as Host header
- Observe that we're not failing.
You can take inspiration from these tests.
Oh, seems they fixed it upstream and merged in August 2023 (after 3 years). It would be better indeed to update the dependency when it gets released (but not sure when). |
haha, I didn't look at the timestamps on the PR, just saw that it was merged 🙈 You wanna ping them about cutting a new release? I could also do it, but probably tmr. |
@ian28223 do you mind if I close this PR? |
fixed upstream requests/toolbelt#293. waiting for new release |
What does this PR do?
Uses the Host header for SNI. This is a variation of
requests_toolbelt.adapters.host_header_ssl
that includes an SNI fix requests/toolbelt#293Motivation
Additional Notes
requests_toolbelt
library and just use below but I'm not sure how to handle licenses involved.Review checklist (to be filled by reviewers)
changelog/
andintegration/
labels attachedqa/skip-qa
label.