Open
Description
Recently I was using requests_toolbelt alongside the requests library, more specifically, I was leveraging the HostHeaderSSLAdapter from requests_toolbelt to make sure I could request a private URL endpoint (e.g. https://1.2.3.4:5678/api/check) with the custom SNI and self-signed CA certificate.
It works great until I try to request the same thing with a proxy, and it starts to occur the SSL verification exception as follows:
requests.exceptions.SSLError: HTTPSConnectionPool(host='1.2.3.4', port=5678): Max retries exceeded with url: /api/check_token (Caused by SSLError(SSLCertVerificationError(1, "[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: IP address mismatch, certificate is not valid for '1.2.3.4:'. (_ssl.c:1006)")))I thought this was a bug related to the requests_toolbelt at first, like the existing bug report #276, but after doing some digging, I'm pretty sure it is bound to the requests itself, hence I report the bug here and a PR that for it later.
Expected Result
Everything works the same way with or without a proxy.
Actual Result
- Private URL endpoint + custom SNI + self-signed CA ✅
- Private URL endpoint + custom SNI + self-signed CA + HTTP Proxy ❌
Reproduction Steps
import requests
from requests_toolbelt.adapters.host_header_ssl import HostHeaderSSLAdapter
session = requests.Session()
session.trust_env = False
session.mount('https://', HostHeaderSSLAdapter())
# Modify http://127.0.0.1:20809 to your actual proxy url
session.proxies.update({'https': 'http://127.0.0.1:20809',
'http': 'http://127.0.0.1:20809'})
# Modify https://1.2.3.4:5678/api/check to your actual private URL endpoint
resp = session.get('https://1.2.3.4:5678/api/check',
headers={'Host': '{YOUR_HOST_NAME}'},
verify='{YOUR_SELF_SIGNED_CA_FILE}')
print(resp.status_code, resp.content)System Information
No need
Metadata
Metadata
Assignees
Labels
No labels
Activity