Using "server.crt" is confusing as one may try to put the server certificate while this is really the client certificate that should be put here. Instead, use "client.cert", "client.key" and "client.pem".
This closes#2062 by clarifying in the docs which auth
header takes precedence:
1st auth=
2nd .netrc
3rd headers=
This precedence order is already tested in test_requests.py,
in the test_basicauth_with_netrc method. Perhaps we should
add further tests for non-basic auth schemes.
Specified the default argument for params that have a default in the docstring
so that the default is easier to see from the code. Modified the docstring in
api.py to match the docstring in sessions.py.
It is not clear that :param verify defaults to True. The way the verify
portion of the docstring is written it looks like it defaults to False, and
you have to pass in True if you'd like the SSL cert to be verified, but the
opposite is the case.
Some malfunctioning HTTP servers may return a qop directive with no token, as
opposed to correctly omitting the qop directive completely. For example:
header: WWW-Authenticate: Digest realm="foobar_api_auth", qop="",
nonce="a12059eaaad0b86ece8f62f04cbafed6", algorithm="MD5",
stale="false"
Prior to this patch, requests would respond with a 'None' Authorization header.
While the server is certainly incorrect, this patch updates requests to be
more tolerant to this kind of shenaniganry. If we receive an empty string for
the value of the qop attribute, we instead treat that as if the qop attribute
was simply not provided.
Closes#2916
urllib3 requires "set_tlsext_host_name" which was only added in
pyOpenSSL 0.13. As some distributions (e.g. Ubuntu 12.04) still ship an
older version enforce the correct minimum version during installation.
Cory Benfield