This closes#2062 by clarifying in the docs which auth
header takes precedence:
1st auth=
2nd .netrc
3rd headers=
This precedence order is already tested in test_requests.py,
in the test_basicauth_with_netrc method. Perhaps we should
add further tests for non-basic auth schemes.
Specified the default argument for params that have a default in the docstring
so that the default is easier to see from the code. Modified the docstring in
api.py to match the docstring in sessions.py.
It is not clear that :param verify defaults to True. The way the verify
portion of the docstring is written it looks like it defaults to False, and
you have to pass in True if you'd like the SSL cert to be verified, but the
opposite is the case.
Some malfunctioning HTTP servers may return a qop directive with no token, as
opposed to correctly omitting the qop directive completely. For example:
header: WWW-Authenticate: Digest realm="foobar_api_auth", qop="",
nonce="a12059eaaad0b86ece8f62f04cbafed6", algorithm="MD5",
stale="false"
Prior to this patch, requests would respond with a 'None' Authorization header.
While the server is certainly incorrect, this patch updates requests to be
more tolerant to this kind of shenaniganry. If we receive an empty string for
the value of the qop attribute, we instead treat that as if the qop attribute
was simply not provided.
Closes#2916
Python PEP 476 (Enabling certificate verification by default for stdlib http
clients) recommends the use of SSL_CERT_FILE and SSL_CERT_DIR environment
variables to point the OpenSSL library used by Python to use specific
non-default bundle of trusted CA certificates.
https://www.python.org/dev/peps/pep-0476/#trust-database
These variables could not have been used to point scripts using requests to a
different CA bundle. A different variable, REQUESTS_CA_BUNDLE, is read by
requests. CURL_CA_BUNDLE is also used for compatibility with cURL.
This commit makes requests also look at SSL_CERT_FILE and SSL_CERT_DIR. They
are handled as equivalent to REQUESTS_CA_BUNDLE. As REQUESTS_CA_BUNDLE can
point to either certificate file or certificate directory, SSL_CERT_* can also
point to a file or directory. There's no attempt to ensure SSL_CERT_FILE can
only point to a file and SSL_CERT_DIR to a directory. This is similar to how
CURL_CA_BUNDLE is handled - requests allows it to specify certificate
directory, while cURL only allows it to specify certificate file.
Fixes requests issue #2899:
https://github.com/kennethreitz/requests/issues/2899
Cory Benfield