This also adds certificates for testing purposes and files to make it
easy to generate/regenerate them.
This also replaces an existing test of how we utilize our pool manager
such that we don't connect to badssl.com
Finally, this adds additional context parameters for our pool manager to
account for mTLS certificates used by clients to authenticate to a
server.
Previously, if someone made a request with `verify=False` then made a
request where they expected verification to be enabled to the same host,
they would potentially reuse a connection where TLS had not been
verified.
This fixes that issue.
A URL with excess leading / (path-separator)s would cause urllib3 to
attempt to reparse the request-uri as a full URI with a host and port.
This bypasses that logic in ConnectionPool.urlopen by replacing these
leading /s with just a single /.
Closes#6643
requests.exceptions.JSONDecodeError are not deserializable: calling
`pickle.dumps` followed by `pickle.loads` will trigger an error.
This is particularly a problem in a process pool, as an attempt to
decode json on an invalid json document will result in the entire
process pool crashing.
This is due to the MRO of the `requests.exceptions.JSONDecodeError`
class: the `__reduce__` method called when pickling an instance is not
the one from the JSON library parent: two out of three args expected
for instantiation will be dropped, and the instance can't be
deserialised.
By specifying in the class which parent `__reduce__` method should be
called, the bug is fixed as all args are carried over in the resulting
pickled bytes.
There are two tests here. One demonstrating existing, correct
behavior for `data=bytes`, and another, failing, test for the case
where `data=string` and the string contains multi-byte UTF-8.
Move the trustme import from global scope into the nosan_server fixture
in order to make it possible to deselect the test via command-line
when trustme is not available.
Fix the listen() invocation for the test server not to pass a backlog
value of zero. The value of zero means no backlog which effectively
means that the socket can not accept any connections. This does not
matter for the majority of platforms since the value is only advisory
and the platform tends to go with a bigger backlog anyway. However,
a few platforms (e.g. alpha or riscv Linux) do take the value literally,
and therefore the tests fail since they are unable to connect to
the server.
pytest-httpbin<1.0 ships with a server certificate with a commonName but
no subjectAltName. urllib3 2.0 will stop supporting those in the future,
so we want to upgrade pytest-httpbin.
Unfortunately, `test_https_warnings` was relying on this broken
certificate. With this change, we use `trustme` to create a broken
certificate specifically for this test, so that we can upgrade
pytest-httpbin and make sure that other tests relying on httpbin TLS
support will continue to work with urllib3 2.0.
* disallow nan values in json serialize
* test nan value in json post
* added exception for invalid json in request
* use invalid json exception
* invalid json test
flysee