gh-100985: Consistently wrap IPv6 IP address during CONNECT (GH-100986)

Update _get_hostport to always remove square brackets
from IPv6 addresses. Then add them if needed
in "CONNECT .." and "Host: ".

diff --git a/Lib/http/client.py b/Lib/http/client.py
index 5eebfccafbca59bd6963a442f56fc0fbb20b1ed5..a353716a8506e65ae9ac9f06581ad17397e2f2a2 100644 (file)
--- a/Lib/http/client.py
+++ b/Lib/http/client.py
@@ -936,17 +936,23 @@ class HTTPConnection:
                 host = host[:i]
             else:
                 port = self.default_port
-            if host and host[0] == '[' and host[-1] == ']':
-                host = host[1:-1]
+        if host and host[0] == '[' and host[-1] == ']':
+            host = host[1:-1]
 
         return (host, port)
 
     def set_debuglevel(self, level):
         self.debuglevel = level
 
+    def _wrap_ipv6(self, ip):
+        if b':' in ip and ip[0] != b'['[0]:
+            return b"[" + ip + b"]"
+        return ip
+
     def _tunnel(self):
         connect = b"CONNECT %s:%d %s\r\n" % (
-            self._tunnel_host.encode("idna"), self._tunnel_port,
+            self._wrap_ipv6(self._tunnel_host.encode("idna")),
+            self._tunnel_port,
             self._http_vsn_str.encode("ascii"))
         headers = [connect]
         for header, value in self._tunnel_headers.items():
@@ -1221,9 +1227,8 @@ class HTTPConnection:
 
                     # As per RFC 273, IPv6 address should be wrapped with []
                     # when used as Host header
-
+                    host_enc = self._wrap_ipv6(host_enc)
                     if ":" in host:
-                        host_enc = b'[' + host_enc + b']'
                         host_enc = _strip_ipv6_iface(host_enc)
 
                     if port == self.default_port:

diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py
index 089bf5be40a0e27ae6f944f8b0a4d50caf73595b..6e63a8872d9c6e152a8fc966afc7b1ad29879660 100644 (file)
--- a/Lib/test/test_httplib.py
+++ b/Lib/test/test_httplib.py
@@ -2408,6 +2408,22 @@ class TunnelTests(TestCase):
         self.assertIn(b'PUT / HTTP/1.1\r\nHost: %(host)s\r\n' % d,
                       self.conn.sock.data)
 
+    def test_connect_put_request_ipv6(self):
+        self.conn.set_tunnel('[1:2:3::4]', 1234)
+        self.conn.request('PUT', '/', '')
+        self.assertEqual(self.conn.sock.host, self.host)
+        self.assertEqual(self.conn.sock.port, client.HTTP_PORT)
+        self.assertIn(b'CONNECT [1:2:3::4]:1234', self.conn.sock.data)
+        self.assertIn(b'Host: [1:2:3::4]:1234', self.conn.sock.data)
+
+    def test_connect_put_request_ipv6_port(self):
+        self.conn.set_tunnel('[1:2:3::4]:1234')
+        self.conn.request('PUT', '/', '')
+        self.assertEqual(self.conn.sock.host, self.host)
+        self.assertEqual(self.conn.sock.port, client.HTTP_PORT)
+        self.assertIn(b'CONNECT [1:2:3::4]:1234', self.conn.sock.data)
+        self.assertIn(b'Host: [1:2:3::4]:1234', self.conn.sock.data)
+
     def test_tunnel_debuglog(self):
         expected_header = 'X-Dummy: 1'
         response_text = 'HTTP/1.0 200 OK\r\n{}\r\n\r\n'.format(expected_header)

diff --git a/Misc/ACKS b/Misc/ACKS
index 8a80e02ecba26a8528c21346f29fcbea33a80745..f01c7a70a65dc521ede67a8e16a034e0ba452527 100644 (file)
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -756,6 +756,7 @@ Raymond Hettinger
 Lisa Hewus Fresh
 Kevan Heydon
 Wouter van Heyst
+Derek Higgins
 Kelsey Hightower
 Jason Hildebrand
 Ryan Hileman

diff --git a/Misc/NEWS.d/next/Library/2023-01-12-14-16-01.gh-issue-100985.GT5Fvd.rst b/Misc/NEWS.d/next/Library/2023-01-12-14-16-01.gh-issue-100985.GT5Fvd.rst
new file mode 100644 (file)
index 0000000..8d8693a
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2023-01-12-14-16-01.gh-issue-100985.GT5Fvd.rst
@@ -0,0 +1,2 @@
+Update HTTPSConnection to consistently wrap IPv6 Addresses when using a
+proxy.