[Bug 2091732] Re: Unverified SSL connection might be considered verified
Mauricio Faria de Oliveira
2091732 at bugs.launchpad.net
Fri Dec 20 17:38:04 UTC 2024
Jammy:
---
Before (one BAD):
$ dpkg -s python3-requests python3-urllib3 | grep -e Package: -e Version:
Package: python3-requests
Version: 2.25.1+dfsg-2ubuntu0.1
Package: python3-urllib3
Version: 1.26.5-1~exp1ubuntu0.2
$ ./test-https-verify.py
Test 1A - verification enabled
Should Fail (GOOD)
Test 1B - verification disabled
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:1020: InsecureRequestWarning: Unverified HTTPS request is being made to host 'self-signed.badssl.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
warnings.warn(
Should Pass (GOOD)
Test 2A - verification disabled
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:1020: InsecureRequestWarning: Unverified HTTPS request is being made to host 'self-signed.badssl.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
warnings.warn(
Should Pass (GOOD)
Test 2B - verification enabled
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:1020: InsecureRequestWarning: Unverified HTTPS request is being made to host 'self-signed.badssl.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
warnings.warn(
Should NOT Pass (BAD)
After (all GOOD):
$ dpkg -s python3-requests python3-urllib3 | grep -e Package: -e Version:
Package: python3-requests
Version: 2.25.1+dfsg-2ubuntu0.2
Package: python3-urllib3
Version: 1.26.5-1~exp1ubuntu0.3
$ ./test-https-verify.py
Test 1A - verification enabled
Should Fail (GOOD)
Test 1B - verification disabled
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:1033: InsecureRequestWarning: Unverified HTTPS request is being made to host 'self-signed.badssl.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
warnings.warn(
Should Pass (GOOD)
Test 2A - verification disabled
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:1033: InsecureRequestWarning: Unverified HTTPS request is being made to host 'self-signed.badssl.com'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
warnings.warn(
Should Pass (GOOD)
Test 2B - verification enabled
Should Fail (GOOD)
--
https://bugs.launchpad.net/bugs/2091732
Title:
Unverified SSL connection might be considered verified
Status in requests package in Ubuntu:
Fix Released
Status in requests source package in Jammy:
In Progress
Status in requests source package in Noble:
In Progress
Bug description:
WIP.