[PR #8042/4b91b530 backport][3.9] Tightening the runtime type check for ssl (#7698) by patchback[bot] · Pull Request #8043 · aio-libs/aiohttp

patchback · 2024-01-20T22:50:42Z

This is a backport of PR #8042 as merged into 3.10 (4b91b53).

Currently, the valid types of ssl parameter are SSLContext, Literal[False], Fingerprint or None.

If user sets ssl = False, we disable ssl certificate validation which makes total sense. But if user set ssl = True by mistake, instead of enabling ssl certificate validation or raising errors, we silently disable the validation too which is a little subtle but weird.

In this PR, we added a check that if user sets ssl=True, we enable certificate validation by treating it as using Default SSL Context.

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Sviatoslav Sydorenko [email protected]
Co-authored-by: Sam Bull [email protected]
Co-authored-by: J. Nick Koston [email protected]
Co-authored-by: Sam Bull [email protected]
(cherry picked from commit 9e14ea1)

What do these changes do?

Are there changes in behavior for the user?

Related issue number

Checklist

I think the code is well written
Unit tests for the changes exist
Documentation reflects the changes
If you provide code modification, please add yourself to CONTRIBUTORS.txt
- The format is <Name> <Surname>.
- Please keep alphabetical order, the file is sorted by names.
Add a new news fragment into the CHANGES folder
- name it <issue_id>.<type> for example (588.bugfix)
- if you don't have an issue_id change it to the pr id after creating the pr
- ensure type is one of the following:
  - .feature: Signifying a new feature.
  - .bugfix: Signifying a bug fix.
  - .doc: Signifying a documentation improvement.
  - .removal: Signifying a deprecation or removal of public API.
  - .misc: A ticket has been closed, but it is not of interest to users.
- Make sure to use full sentences with correct case and punctuation, for example: "Fix issue with non-ascii contents in doctest text files."

Currently, the valid types of ssl parameter are SSLContext, Literal[False], Fingerprint or None. If user sets ssl = False, we disable ssl certificate validation which makes total sense. But if user set ssl = True by mistake, instead of enabling ssl certificate validation or raising errors, we silently disable the validation too which is a little subtle but weird. In this PR, we added a check that if user sets ssl=True, we enable certificate validation by treating it as using Default SSL Context. --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Sviatoslav Sydorenko <[email protected]> Co-authored-by: Sam Bull <[email protected]> Co-authored-by: J. Nick Koston <[email protected]> Co-authored-by: Sam Bull <[email protected]> (cherry picked from commit 9e14ea1) (cherry picked from commit 4b91b53)

aiohttp/client.py

codecov · 2024-01-20T23:03:03Z

Codecov Report

Attention: 2 lines in your changes are missing coverage. Please review.

Comparison is base (f000174) 97.39% compared to head (8dcf936) 97.38%.

Files	Patch %	Lines
aiohttp/client.py	0.00%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##              3.9    #8043      +/-   ##
==========================================
- Coverage   97.39%   97.38%   -0.01%     
==========================================
  Files         108      108              
  Lines       32496    32498       +2     
  Branches     3848     3849       +1     
==========================================
  Hits        31648    31648              
- Misses        646      647       +1     
- Partials      202      203       +1

Flag	Coverage Δ
CI-GHA	`97.29% <92.30%> (-0.01%)`	⬇️
OS-Linux	`96.98% <92.30%> (-0.01%)`	⬇️
OS-Windows	`94.47% <100.00%> (ø)`
OS-macOS	`96.80% <92.30%> (+0.19%)`	⬆️
Py-3.10.11	`94.37% <100.00%> (ø)`
Py-3.10.13	`96.77% <92.30%> (+<0.01%)`	⬆️
Py-3.11.7	`96.49% <92.30%> (-0.01%)`	⬇️
Py-3.12.1	`96.42% <92.30%> (-0.13%)`	⬇️
Py-3.8.10	`94.35% <100.00%> (ø)`
Py-3.8.18	`96.70% <92.30%> (-0.01%)`	⬇️
Py-3.9.13	`94.36% <100.00%> (ø)`
Py-3.9.18	`96.74% <92.30%> (-0.01%)`	⬇️
Py-pypy7.3.15	`96.29% <92.30%> (-0.01%)`	⬇️
VM-macos	`96.80% <92.30%> (+0.19%)`	⬆️
VM-ubuntu	`96.98% <92.30%> (-0.01%)`	⬇️
VM-windows	`94.47% <100.00%> (ø)`

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

aiohttp/client.py

patchback bot requested a review from asvetlov as a code owner January 20, 2024 22:50

patchback bot mentioned this pull request Jan 20, 2024

Tightening the runtime type check for ssl (#7698) #8042

Merged

5 tasks