[3.11] gh-100985: Consistently wrap IPv6 IP address during CONNECT (GH-100986) (GH...

Update _get_hostport to always remove square brackets
from IPv6 addresses. Then add them if needed
in "CONNECT .." and "Host: ".
(cherry picked from commit 465db27cb983084e718a1fd9519b2726c96935cb)

Co-authored-by: Derek Higgins <derekh@redhat.com>

diff --git a/Lib/http/client.py b/Lib/http/client.py
index 1ee22989ae118865be34a97909a4cb8c835997e4..91ee1b470cfd472c665584ef5e1595626a5af858 100644 (file)
--- a/Lib/http/client.py
+++ b/Lib/http/client.py
@@ -907,17 +907,23 @@ class HTTPConnection:
                 host = host[:i]
             else:
                 port = self.default_port
-            if host and host[0] == '[' and host[-1] == ']':
-                host = host[1:-1]
+        if host and host[0] == '[' and host[-1] == ']':
+            host = host[1:-1]
 
         return (host, port)
 
     def set_debuglevel(self, level):
         self.debuglevel = level
 
+    def _wrap_ipv6(self, ip):
+        if b':' in ip and ip[0] != b'['[0]:
+            return b"[" + ip + b"]"
+        return ip
+
     def _tunnel(self):
         connect = b"CONNECT %s:%d HTTP/1.0\r\n" % (
-            self._tunnel_host.encode("ascii"), self._tunnel_port)
+            self._wrap_ipv6(self._tunnel_host.encode("ascii")),
+            self._tunnel_port)
         headers = [connect]
         for header, value in self._tunnel_headers.items():
             headers.append(f"{header}: {value}\r\n".encode("latin-1"))
@@ -1188,9 +1194,8 @@ class HTTPConnection:
 
                     # As per RFC 273, IPv6 address should be wrapped with []
                     # when used as Host header
-
+                    host_enc = self._wrap_ipv6(host_enc)
                     if ":" in host:
-                        host_enc = b'[' + host_enc + b']'
                         host_enc = _strip_ipv6_iface(host_enc)
 
                     if port == self.default_port:

diff --git a/Lib/test/test_httplib.py b/Lib/test/test_httplib.py
index 015a3d1e872ff267d5683863749896f1542484dc..8b9d49ec0948135a2628d88c6a94f60eb8b54e4c 100644 (file)
--- a/Lib/test/test_httplib.py
+++ b/Lib/test/test_httplib.py
@@ -2267,6 +2267,22 @@ class TunnelTests(TestCase):
         self.assertIn(b'CONNECT destination.com', self.conn.sock.data)
         self.assertIn(b'Host: destination.com', self.conn.sock.data)
 
+    def test_connect_put_request_ipv6(self):
+        self.conn.set_tunnel('[1:2:3::4]', 1234)
+        self.conn.request('PUT', '/', '')
+        self.assertEqual(self.conn.sock.host, self.host)
+        self.assertEqual(self.conn.sock.port, client.HTTP_PORT)
+        self.assertIn(b'CONNECT [1:2:3::4]:1234', self.conn.sock.data)
+        self.assertIn(b'Host: [1:2:3::4]:1234', self.conn.sock.data)
+
+    def test_connect_put_request_ipv6_port(self):
+        self.conn.set_tunnel('[1:2:3::4]:1234')
+        self.conn.request('PUT', '/', '')
+        self.assertEqual(self.conn.sock.host, self.host)
+        self.assertEqual(self.conn.sock.port, client.HTTP_PORT)
+        self.assertIn(b'CONNECT [1:2:3::4]:1234', self.conn.sock.data)
+        self.assertIn(b'Host: [1:2:3::4]:1234', self.conn.sock.data)
+
     def test_tunnel_debuglog(self):
         expected_header = 'X-Dummy: 1'
         response_text = 'HTTP/1.0 200 OK\r\n{}\r\n\r\n'.format(expected_header)

diff --git a/Misc/ACKS b/Misc/ACKS
index 45a5a9b2b7c3377fa10dbc7d1e98033ef2c232f6..89474408a6bbd44cc2ccee2342a163a25dd0e660 100644 (file)
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -740,6 +740,7 @@ Raymond Hettinger
 Lisa Hewus Fresh
 Kevan Heydon
 Wouter van Heyst
+Derek Higgins
 Kelsey Hightower
 Jason Hildebrand
 Ryan Hileman

diff --git a/Misc/NEWS.d/next/Library/2023-01-12-14-16-01.gh-issue-100985.GT5Fvd.rst b/Misc/NEWS.d/next/Library/2023-01-12-14-16-01.gh-issue-100985.GT5Fvd.rst
new file mode 100644 (file)
index 0000000..8d8693a
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2023-01-12-14-16-01.gh-issue-100985.GT5Fvd.rst
@@ -0,0 +1,2 @@
+Update HTTPSConnection to consistently wrap IPv6 Addresses when using a
+proxy.