Fix sslv2/sslv3 with unverified connections #93037

Merged
merged 1 commit into from
May 14, 2023

Conversation

bdraco
Member

@bdraco bdraco commented May 13, 2023

Proposed change

In #90191 we use the same ssl context for httpx now to avoid a memory leak, but httpx previously allowed sslv2/sslv3 for unverified connections

This reverts to the behavior before #90191

Type of change

  • Dependency upgrade
  • Bugfix (non-breaking change which fixes an issue)
  • New integration (thank you!)
  • New feature (which adds functionality to an existing integration)
  • Deprecation (breaking change to happen in the future)
  • Breaking change (fix/feature causing existing functionality to break)
  • Code quality improvements to existing code or addition of tests

Additional information

Checklist

  • The code change is tested and works locally.
  • Local tests pass. Your PR cannot be merged unless tests pass
  • There is no commented out code in this PR.
  • I have followed the development checklist
  • I have followed the perfect PR recommendations
  • The code has been formatted using Black (black --fast homeassistant tests)
  • Tests have been added to verify that the new code works.

If user exposed functionality or configuration variables are added/changed:

If the code communicates with devices, web services, or third-party tools:

  • The manifest file has all fields filled out correctly.
    Updated and included derived files by running: python3 -m script.hassfest.
  • New or updated dependencies have been added to requirements_all.txt.
    Updated by running python3 -m script.gen_requirements_all.
  • For the updated dependencies - a link to the changelog, or at minimum a diff between library versions is added to the PR description.
  • Untested files have been added to .coveragerc.

To help with the load of incoming pull requests:

In #90191 we use the same ssl context for httpx now to avoid
a memory leak, but httpx previously allowed sslv2/sslv3 for
unverified connections

This reverts to the behavior before #90191
@bdraco bdraco added this to the 2023.5.3 milestone May 13, 2023
@home-assistant home-assistant bot added the bugfix, cla-signed, core, and small-pr labels May 13, 2023
@@ -73,8 +73,6 @@ def create_no_verify_ssl_context(
https://github.com/aio-libs/aiohttp/blob/33953f110e97eecc707e1402daa8d543f38a189b/aiohttp/connector.py#L911
"""
sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
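Review bot: the docstring that closes just above `sslcontext = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)` still cites only the aiohttp connector as its reference and does not record that this no-verify context is meant to match what httpx allowed for unverified connections before #90191. The hunk header shows a net removal of two lines (73,8 to 73,6), so a later cleanup could easily put them back. Suggest adding a sentence to the docstring that states the intent and links the regression, and a test that asserts the resulting context's `options` so the behaviour is pinned.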
@bdraco bdraco marked this pull request as ready for review May 13, 2023 20:34
@bdraco bdraco requested a review from epenet as a code owner May 13, 2023 20:34
@balloob balloob merged commit e593cea into dev May 14, 2023
@balloob balloob deleted the ssl_unified branch May 14, 2023 00:16
balloob pushed a commit that referenced this pull request May 14, 2023
In #90191 we use the same ssl context for httpx now to avoid
a memory leak, but httpx previously allowed sslv2/sslv3 for
unverified connections

This reverts to the behavior before #90191
@balloob balloob mentioned this pull request May 14, 2023
@github-actions github-actions bot locked and limited conversation to collaborators May 15, 2023
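
An added example, not code from this pull request or from Home Assistant: a small audit helper that lists which protections a client `ssl.SSLContext` has given up, which is the property this change alters for unverified connections. The function names, finding strings and sample contexts are constructed for illustration.

```python
import ssl
from typing import Dict, List

# Option bits that switch a legacy protocol off. A bit equal to 0 means the
# linked OpenSSL defines the flag as a no-op, so there is nothing to check.
LEGACY_OFF_BITS = {"SSLv2": ssl.OP_NO_SSLv2, "SSLv3": ssl.OP_NO_SSLv3}
OLD_FLOORS = (
    ssl.TLSVersion.MINIMUM_SUPPORTED,
    ssl.TLSVersion.SSLv3,
    ssl.TLSVersion.TLSv1,
    ssl.TLSVersion.TLSv1_1,
)


def audit_context(ctx: ssl.SSLContext) -> List[str]:
    """Return one finding per protection this client context has given up."""
    findings = []
    if ctx.verify_mode == ssl.CERT_NONE:
        findings.append("certificate verification disabled")
    if not ctx.check_hostname:
        findings.append("hostname check disabled")
    for name, bit in LEGACY_OFF_BITS.items():
        # This reports the context's settings only; whether the protocol can
        # actually be negotiated also depends on the OpenSSL build.
        if bit and not ctx.options & bit:
            findings.append(f"{name} not disabled via options")
    if ctx.minimum_version in OLD_FLOORS:
        findings.append(f"protocol floor is {ctx.minimum_version.name}")
    return findings


def build_sample_contexts() -> Dict[str, ssl.SSLContext]:
    """Constructed samples: a verifying context and a no-verify one."""
    verified = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    no_verify = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    no_verify.check_hostname = False  # must be cleared before CERT_NONE
    no_verify.verify_mode = ssl.CERT_NONE
    return {"verified": verified, "no_verify": no_verify}


if __name__ == "__main__":
    for label, context in build_sample_contexts().items():
        print(label, audit_context(context) or "no findings")
```

Running a helper like this over every context an application builds makes a relaxed one show up as an explicit, reviewable finding rather than a silent default.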
Development

Successfully merging this pull request may close these issues.

Generic Camera integration's RTSP camera streams (from Dahua XVR) no longer work after upgrade to 2023.4.5
2 participants