[Bug 2091732] Re: Unverified SSL connection might be considered verified
Mauricio Faria de Oliveira
2091732 at bugs.launchpad.net
Fri Dec 20 17:37:14 UTC 2024
$ cat ./test-https-verify.py
#!/usr/bin/python3
import requests
def test_https_verify(session, verify):
"""
Try an HTTPS request to a server with a bad SSL certificate.
If certificate verification is enabled, this _should_ fail.
The bug is, an existing connection (in the connection pool)
that was created by an _unverified_ request can be _reused_
by a _verified_ request, thus the verification is not done
(and what _should_ fail, does not).
"""
try:
session.get('https://self-signed.badssl.com', verify=verify)
except requests.exceptions.SSLError:
if verify:
print("Should Fail (GOOD)")
else:
print("Should NOT Fail (BAD)")
else:
if verify:
print("Should NOT Pass (BAD)")
else:
print("Should Pass (GOOD)")
# If verification is done first, all good.
session_true_false = requests.Session()
print('Test 1A - verification enabled')
test_https_verify(session_true_false, True)
print()
print('Test 1B - verification disabled')
test_https_verify(session_true_false, False)
print()
# If verification is done later, not good
# in the second test, when bug is present.
session_false_true = requests.Session()
print('Test 2A - verification disabled')
test_https_verify(session_false_true, False)
print()
print('Test 2B - verification enabled')
test_https_verify(session_false_true, True)
print()
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to requests in Ubuntu.
https://bugs.launchpad.net/bugs/2091732
Title:
Unverified SSL connection might be considered verified
Status in requests package in Ubuntu:
Fix Released
Status in requests source package in Jammy:
In Progress
Status in requests source package in Noble:
In Progress
Bug description:
WIP.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/requests/+bug/2091732/+subscriptions
More information about the foundations-bugs
mailing list