From 9c0db922497bfb5827ba2e604fbcf4f02e248b8e Mon Sep 17 00:00:00 2001 From: Jon Dufresne Date: Fri, 2 Feb 2018 15:49:03 -0800 Subject: [PATCH 1/3] Clarify docs that Requests always uses certs from certifi Since commit 0d7de6430eef0cf09f9662746daf0c28d83f144e, certifi is always used for certificates. Certify became a hard dependency of the package in 628633143d5b8590b1dbdf5371fe81fb8250dffd. Now update the docs to clarify that Request will always use certificates from certifi. --- docs/user/advanced.rst | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/docs/user/advanced.rst b/docs/user/advanced.rst index e3ed5aa9..f3fb45a7 100644 --- a/docs/user/advanced.rst +++ b/docs/user/advanced.rst @@ -274,15 +274,14 @@ If you specify a wrong path or an invalid cert, you'll get a SSLError:: CA Certificates --------------- -By default, Requests bundles a set of root CAs that it trusts, sourced from the -`Mozilla trust store`_. However, these are only updated once for each Requests -version. This means that if you pin a Requests version your certificates can -become extremely out of date. +Requests uses certificates from the package `certifi`_. This allows for users +to update their trusted certificates without changing the version of Requests. -From Requests version 2.4.0 onwards, Requests will attempt to use certificates -from `certifi`_ if it is present on the system. This allows for users to update -their trusted certificates without having to change the code that runs on their -system. +Before version 2.16, Requests bundled a set of root CAs that it trusted, +sourced from the `Mozilla trust store`_. The certificates were only updated +once for each Requests version. When ``certifi`` was not installed, this led to +extremely out-of-date certificate bundles when using significantly older +versions of Requests. For the sake of security we recommend upgrading certifi frequently! From 265ef609d5903151374fba480aa81aafe68126ff Mon Sep 17 00:00:00 2001 From: Jon Dufresne Date: Sat, 17 Feb 2018 06:15:54 -0800 Subject: [PATCH 2/3] Remove remaining references to removed, vendored packages (#4499) As the vendored packages were removing in version 2.16, all remaining doc references should be replaced with newer practices. --- docs/api.rst | 2 +- docs/community/release-process.rst | 17 ++++++++--------- docs/user/advanced.rst | 2 +- docs/user/quickstart.rst | 2 +- requests/help.py | 2 +- 5 files changed, 12 insertions(+), 13 deletions(-) diff --git a/docs/api.rst b/docs/api.rst index c3e00e54..ef84bf60 100644 --- a/docs/api.rst +++ b/docs/api.rst @@ -181,7 +181,7 @@ API Changes logging.basicConfig() # you need to initialize logging, otherwise you will not see anything from requests logging.getLogger().setLevel(logging.DEBUG) - requests_log = logging.getLogger("requests.packages.urllib3") + requests_log = logging.getLogger("urllib3") requests_log.setLevel(logging.DEBUG) requests_log.propagate = True diff --git a/docs/community/release-process.rst b/docs/community/release-process.rst index 2e317ceb..18f71168 100644 --- a/docs/community/release-process.rst +++ b/docs/community/release-process.rst @@ -19,19 +19,18 @@ Breaking changes are changes that break backwards compatibility with prior versions. If the project were to change the ``text`` attribute on a ``Response`` object to a method, that would only happen in a Major release. -Major releases may also include miscellaneous bug fixes and upgrades to -vendored packages. The core developers of Requests are committed to providing -a good user experience. This means we're also committed to preserving -backwards compatibility as much as possible. Major releases will be infrequent -and will need strong justifications before they are considered. +Major releases may also include miscellaneous bug fixes. The core developers of +Requests are committed to providing a good user experience. This means we're +also committed to preserving backwards compatibility as much as possible. Major +releases will be infrequent and will need strong justifications before they are +considered. Minor Releases -------------- -A minor release will not include breaking changes but may include -miscellaneous bug fixes and upgrades to vendored packages. If the previous -version of Requests released was ``v10.2.7`` a minor release would be -versioned as ``v10.3.0``. +A minor release will not include breaking changes but may include miscellaneous +bug fixes. If the previous version of Requests released was ``v10.2.7`` a minor +release would be versioned as ``v10.3.0``. Minor releases will be backwards compatible with releases that have the same major version number. In other words, all versions that would start with diff --git a/docs/user/advanced.rst b/docs/user/advanced.rst index f3fb45a7..e5f7f297 100644 --- a/docs/user/advanced.rst +++ b/docs/user/advanced.rst @@ -950,9 +950,9 @@ passed-through to `urllib3`. We'll make a Transport Adapter that instructs the library to use SSLv3:: import ssl + from urllib3.poolmanager import PoolManager from requests.adapters import HTTPAdapter - from requests.packages.urllib3.poolmanager import PoolManager class Ssl3HttpAdapter(HTTPAdapter): diff --git a/docs/user/quickstart.rst b/docs/user/quickstart.rst index 1a2c6fbf..b0ff231b 100644 --- a/docs/user/quickstart.rst +++ b/docs/user/quickstart.rst @@ -171,7 +171,7 @@ server, you can access ``r.raw``. If you want to do this, make sure you set >>> r = requests.get('https://api.github.com/events', stream=True) >>> r.raw - + >>> r.raw.read(10) '\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\x03' diff --git a/requests/help.py b/requests/help.py index 5440ee61..06e06b2a 100644 --- a/requests/help.py +++ b/requests/help.py @@ -13,7 +13,7 @@ import chardet from . import __version__ as requests_version try: - from .packages.urllib3.contrib import pyopenssl + from urllib3.contrib import pyopenssl except ImportError: pyopenssl = None OpenSSL = None From 6e76aaea4595d7c2a953fea5d624344e8c11f93a Mon Sep 17 00:00:00 2001 From: Kenneth Reitz Date: Thu, 22 Feb 2018 08:34:32 -0500 Subject: [PATCH 3/3] nike Signed-off-by: Kenneth Reitz --- docs/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/index.rst b/docs/index.rst index ae5f5c7b..7934a298 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -59,7 +59,7 @@ are 100% automatic, thanks to `urllib3 `_. User Testimonials ----------------- -Twitter, Spotify, Microsoft, Amazon, Lyft, BuzzFeed, Reddit, The NSA, Her Majesty's Government, Google, Twilio, Runscope, Mozilla, Heroku, +Nike, Twitter, Spotify, Microsoft, Amazon, Lyft, BuzzFeed, Reddit, The NSA, Her Majesty's Government, Google, Twilio, Runscope, Mozilla, Heroku, PayPal, NPR, Obama for America, Transifex, Native Instruments, The Washington Post, SoundCloud, Kippt, Sony, and Federal U.S. Institutions that prefer to be unnamed claim to use Requests internally.