Closed br3ndonland closed 1 year ago
urllib3 2.0 was released on 2023-04-26. One of the changes was the removal of urllib3.util.ssl_.DEFAULT_CIPHERS. urllib3 now detects and uses the default ciphers configured by the system (https://github.com/urllib3/urllib3/issues/2168, https://github.com/urllib3/urllib3/pull/2705).
urllib3.util.ssl_.DEFAULT_CIPHERS
Requests currently allows urllib3>=1.21.1,<3. HTTPie has an indirect dependency on urllib3 (through Requests), and currently imports the DEFAULT_CIPHERS constant and uses it to populate CLI help text for the --ciphers flag.
urllib3>=1.21.1,<3
DEFAULT_CIPHERS
--ciphers
https://github.com/httpie/httpie/blob/47e9b99ba19b2a9d3e0098726fff4469b9dd6bb0/httpie/ssl_.py#L6-L12
https://github.com/httpie/httpie/blob/47e9b99ba19b2a9d3e0098726fff4469b9dd6bb0/httpie/cli/definition.py#L830-L837
This means that users who install HTTPie with urllib3>=2 will see an ImportError (httpie/httpie#1499).
urllib3>=2
ImportError
This PR will update HTTPie to catch the ImportError and assemble a list of default ciphers in the OpenSSL cipher list format.
Please note that GitHub Actions workflow runs appear to be failing because of pre-existing errors, not necessarily because of the changes in this PR.
Longer-term, it would be prudent to avoid importing from private modules in indirect dependencies.
If it is going to take some time to support urllib3 2.0, it could also be helpful to declare a direct dependency on urllib3>1,<2 in setup.py.
urllib3>1,<2
setup.py
@br3ndonland thanks for the PR! I didn’t notice it until merging another one, but then updated the code with your approach. Fixed in v3.2.2.
Description
urllib3 2.0 was released on 2023-04-26. One of the changes was the removal of
urllib3.util.ssl_.DEFAULT_CIPHERS
. urllib3 now detects and uses the default ciphers configured by the system (https://github.com/urllib3/urllib3/issues/2168, https://github.com/urllib3/urllib3/pull/2705).Requests currently allows
urllib3>=1.21.1,<3
. HTTPie has an indirect dependency on urllib3 (through Requests), and currently imports theDEFAULT_CIPHERS
constant and uses it to populate CLI help text for the--ciphers
flag.https://github.com/httpie/httpie/blob/47e9b99ba19b2a9d3e0098726fff4469b9dd6bb0/httpie/ssl_.py#L6-L12
https://github.com/httpie/httpie/blob/47e9b99ba19b2a9d3e0098726fff4469b9dd6bb0/httpie/cli/definition.py#L830-L837
This means that users who install HTTPie with
urllib3>=2
will see anImportError
(httpie/httpie#1499).Changes
This PR will update HTTPie to catch the
ImportError
and assemble a list of default ciphers in the OpenSSL cipher list format.Please note that GitHub Actions workflow runs appear to be failing because of pre-existing errors, not necessarily because of the changes in this PR.
Longer-term, it would be prudent to avoid importing from private modules in indirect dependencies.
If it is going to take some time to support urllib3 2.0, it could also be helpful to declare a direct dependency on
urllib3>1,<2
insetup.py
.Related