diff --git a/CHANGES/10146.misc.rst b/CHANGES/10146.misc.rst new file mode 100644 index 00000000000..bee4ef68fb3 --- /dev/null +++ b/CHANGES/10146.misc.rst @@ -0,0 +1 @@ +Setting :attr:`aiohttp.web.StreamResponse.last_modified` to an unsupported type will now raise :exc:`TypeError` instead of silently failing -- by :user:`bdraco`. diff --git a/CHANGES/10156.feature.rst b/CHANGES/10156.feature.rst new file mode 100644 index 00000000000..0ff6b6b8bd8 --- /dev/null +++ b/CHANGES/10156.feature.rst @@ -0,0 +1,3 @@ +Enabled ALPN on default SSL contexts. This improves compatibility with some +proxies which don't work without this extension. +-- by :user:`Cycloctane`. diff --git a/CONTRIBUTORS.txt b/CONTRIBUTORS.txt index 40fa2cb2b1a..7a7f882c885 100644 --- a/CONTRIBUTORS.txt +++ b/CONTRIBUTORS.txt @@ -376,6 +376,7 @@ William S. Wilson Ong wouter bolsterlee Xavier Halloran +Xi Rui Xiang Li Yang Zhou Yannick Koechlin diff --git a/aiohttp/connector.py b/aiohttp/connector.py index 1b7610c2831..d48356ae87a 100644 --- a/aiohttp/connector.py +++ b/aiohttp/connector.py @@ -772,14 +772,16 @@ def _make_ssl_context(verified: bool) -> SSLContext: # No ssl support return None # type: ignore[unreachable] if verified: - return ssl.create_default_context() - sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) - sslcontext.options |= ssl.OP_NO_SSLv2 - sslcontext.options |= ssl.OP_NO_SSLv3 - sslcontext.check_hostname = False - sslcontext.verify_mode = ssl.CERT_NONE - sslcontext.options |= ssl.OP_NO_COMPRESSION - sslcontext.set_default_verify_paths() + sslcontext = ssl.create_default_context() + else: + sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT) + sslcontext.options |= ssl.OP_NO_SSLv2 + sslcontext.options |= ssl.OP_NO_SSLv3 + sslcontext.check_hostname = False + sslcontext.verify_mode = ssl.CERT_NONE + sslcontext.options |= ssl.OP_NO_COMPRESSION + sslcontext.set_default_verify_paths() + sslcontext.set_alpn_protocols(("http/1.1",)) return sslcontext diff --git a/aiohttp/web_response.py b/aiohttp/web_response.py index b1eb99a17e1..2feffba9e68 100644 --- a/aiohttp/web_response.py +++ b/aiohttp/web_response.py @@ -267,6 +267,9 @@ def last_modified( ) elif isinstance(value, str): self._headers[hdrs.LAST_MODIFIED] = value + else: + msg = f"Unsupported type for last_modified: {type(value).__name__}" # type: ignore[unreachable] + raise TypeError(msg) @property def etag(self) -> Optional[ETag]: diff --git a/tests/test_client_functional.py b/tests/test_client_functional.py index f95ebabaf7e..77d74b441d5 100644 --- a/tests/test_client_functional.py +++ b/tests/test_client_functional.py @@ -632,6 +632,30 @@ async def handler(request: web.Request) -> web.Response: assert txt == "Test message" +async def test_ssl_client_alpn( + aiohttp_server: AiohttpServer, + aiohttp_client: AiohttpClient, + ssl_ctx: ssl.SSLContext, +) -> None: + + async def handler(request: web.Request) -> web.Response: + assert request.transport is not None + sslobj = request.transport.get_extra_info("ssl_object") + return web.Response(text=sslobj.selected_alpn_protocol()) + + app = web.Application() + app.router.add_route("GET", "/", handler) + ssl_ctx.set_alpn_protocols(("http/1.1",)) + server = await aiohttp_server(app, ssl=ssl_ctx) + + connector = aiohttp.TCPConnector(ssl=False) + client = await aiohttp_client(server, connector=connector) + resp = await client.get("/") + assert resp.status == 200 + txt = await resp.text() + assert txt == "http/1.1" + + async def test_tcp_connector_fingerprint_ok( aiohttp_server: AiohttpServer, aiohttp_client: AiohttpClient, diff --git a/tests/test_web_response.py b/tests/test_web_response.py index 937dfd8776a..dff883d4570 100644 --- a/tests/test_web_response.py +++ b/tests/test_web_response.py @@ -242,6 +242,13 @@ def test_last_modified_reset() -> None: assert resp.last_modified is None +def test_last_modified_invalid_type() -> None: + resp = web.StreamResponse() + + with pytest.raises(TypeError, match="Unsupported type for last_modified: object"): + resp.last_modified = object() # type: ignore[assignment] + + @pytest.mark.parametrize( "header_val", (