Implement HTTPS Proxy Support #3816

cooperlees · 2019-06-06T18:42:03Z

Long story short

Once TLS in TLS support is added to asyncio (https://bugs.python.org/issue37179) is landed to (hopefully) Python 3.8 we should plan including support for HTTPS Proxy servers if Python >= 3.8.

Expected behaviour

Have the ability to use no authentication HTTPS proxies and Authentication via using custom SSL Contexts: Example Code

Actual behaviour

Today we get explicitly told aiohttp can't do HTTPS proxies:

[cooper:~:( (aiohttp_auth_proxy))]$ python3.7 aioclient.py
HTTPS proxies https://proxy:1443 are not supported, ignoring

Steps to reproduce

Set via the environment or other means to use an HTTPS proxy.

#! /usr/bin/env python3
 
import asyncio
import logging
import os
import ssl
import sys
import time
 
import aiohttp
 
 
PROXY_PORT = 1443
PROXY_HOSTNAME = "https://proxy.company.com"
EXTERNAL_ENDPOINT = "https://www.google.com"
CA_BUNDLE = "/var/certs/ca.pem"
 
 
logger = logging.getLogger(__name__)
logger.setLevel(logging.INFO)
logger.addHandler(logging.StreamHandler(sys.stdout))
 
 
async def run_example():
    cert = os.environ["TLS_CL_CERT_PATH"]
    key = os.environ["TLS_CL_KEY_PATH"]
 
    if not cert or not key:
        raise ValueError("Missing key TLS cert settings.")
 
    # For the example lets ensure HTTPS_PROXY is set
    os.environ["HTTPS_PROXY"] = f"{PROXY_HOSTNAME}:{PROXY_PORT}"
 
    # Setup SSL Fun
    ssl_ctx = ssl.create_default_context(cafile=CA_BUNDLE)
    ssl_ctx.load_cert_chain(cert, key)
    conn = aiohttp.TCPConnector(ssl=ssl_ctx)
 
    start_time = time.time()
    # trust_env allows HTTP(s)_PROXY vars to work
    async with aiohttp.ClientSession(connector=conn, trust_env=True) as session:
        async with session.get(EXTERNAL_ENDPOINT) as response:
            logger.info(
                "Received response with status code "
                + f"{response.status} in {time.time() - start_time}s"
            )
 
 
if __name__ == "__main__":
    asyncio.run(run_example())

Your environment

Python 3.7.3
aiohttp 3.5.4

The text was updated successfully, but these errors were encountered:

cooperlees · 2020-07-09T00:25:57Z

@1st1 has stated that this should work with uvloop. Would a PR be accepted that allow's uvloop enabled programs to work until we get the stdlib asyncio loop to have working TLS in TLS?

webknjaz · 2020-07-09T13:06:33Z

I think so

Resolves aio-libs#3816 Resolves aio-libs#4268 Co-Authored-By: Brian Bouterse <[email protected]> Co-Authored-By: Jordan Borean <[email protected]> Co-Authored-By: Sviatoslav Sydorenko <[email protected]>

This patch opens up the code path and adds the implementation that allows end-users to start sending HTTPS requests through HTTPS proxies. The support for TLS-in-TLS (needed for this to work) in the stdlib is kinda available since Python 3.7 but is disabled for `asyncio` with an attribute/flag/toggle. When the upstream CPython enables it finally, aiohttp v3.8+ will be able to work with it out of the box. Currently the tests monkey-patch `asyncio` in order to verify that this works. The users who are willing to do the same, will be able to take advantage of it right now. Eventually (hopefully starting Python 3.11), the need for monkey-patching should be eliminated. Refs: * https://bugs.python.org/issue37179 * python/cpython#28073 * https://docs.aiohttp.org/en/stable/client_advanced.html#proxy-support * aio-libs#6044 Resolves aio-libs#3816 Resolves aio-libs#4268 Co-Authored-By: Brian Bouterse <[email protected]> Co-Authored-By: Jordan Borean <[email protected]> Co-Authored-By: Sviatoslav Sydorenko <[email protected]>

This patch opens up the code path and adds the implementation that allows end-users to start sending HTTPS requests through HTTPS proxies. The support for TLS-in-TLS (needed for this to work) in the stdlib is kinda available since Python 3.7 but is disabled for `asyncio` with an attribute/flag/toggle. When the upstream CPython enables it finally, aiohttp v3.8+ will be able to work with it out of the box. Currently the tests monkey-patch `asyncio` in order to verify that this works. The users who are willing to do the same, will be able to take advantage of it right now. Eventually (hopefully starting Python 3.11), the need for monkey-patching should be eliminated. Refs: * https://bugs.python.org/issue37179 * python/cpython#28073 * https://docs.aiohttp.org/en/stable/client_advanced.html#proxy-support * #6044 PR #5992 Resolves #3816 Resolves #4268 Co-authored-by: Brian Bouterse <[email protected]> Co-authored-by: Jordan Borean <[email protected]> Co-authored-by: Sviatoslav Sydorenko <[email protected]>

This patch opens up the code path and adds the implementation that allows end-users to start sending HTTPS requests through HTTPS proxies. The support for TLS-in-TLS (needed for this to work) in the stdlib is kinda available since Python 3.7 but is disabled for `asyncio` with an attribute/flag/toggle. When the upstream CPython enables it finally, aiohttp v3.8+ will be able to work with it out of the box. Currently the tests monkey-patch `asyncio` in order to verify that this works. The users who are willing to do the same, will be able to take advantage of it right now. Eventually (hopefully starting Python 3.11), the need for monkey-patching should be eliminated. Refs: * https://bugs.python.org/issue37179 * python/cpython#28073 * https://docs.aiohttp.org/en/stable/client_advanced.html#proxy-support * aio-libs#6044 PR aio-libs#5992 Resolves aio-libs#3816 Resolves aio-libs#4268 Co-authored-by: Brian Bouterse <[email protected]> Co-authored-by: Jordan Borean <[email protected]> Co-authored-by: Sviatoslav Sydorenko <[email protected]> (cherry picked from commit c29e5fb)

…ent (#6049) This patch opens up the code path and adds the implementation that allows end-users to start sending HTTPS requests through HTTPS proxies. The support for TLS-in-TLS (needed for this to work) in the stdlib is kinda available since Python 3.7 but is disabled for `asyncio` with an attribute/flag/toggle. When the upstream CPython enables it finally, aiohttp v3.8+ will be able to work with it out of the box. Currently the tests monkey-patch `asyncio` in order to verify that this works. The users who are willing to do the same, will be able to take advantage of it right now. Eventually (hopefully starting Python 3.11), the need for monkey-patching should be eliminated. Refs: * bugs.python.org/issue37179 * python/cpython#28073 * docs.aiohttp.org/en/stable/client_advanced.html#proxy-support * #6044 PR #5992 Resolves #3816 Resolves #4268 Co-authored-by: Brian Bouterse <[email protected]> Co-authored-by: Jordan Borean <[email protected]> Co-authored-by: Sviatoslav Sydorenko <[email protected]>

webknjaz added client enhancement need pull request labels Jun 6, 2019

bbkane mentioned this issue Sep 25, 2019

Update docs to say aiohttp doesn't support HTTPS proxies #4100

Closed

ghjm mentioned this issue Mar 27, 2020

Need for HTTP proxy support project-receptor/python-receptor#191

Closed

bmbouter mentioned this issue Sep 9, 2021

Add secure proxy support in the client #5992

Merged

5 tasks

gutzbenj mentioned this issue Oct 1, 2021

Problem using Wetterdienst behind proxy earthobservations/wetterdienst#524

Closed

webknjaz closed this as completed in #5992 Oct 5, 2021

webknjaz mentioned this issue Oct 5, 2021

[PR #5992/c29e5fb5 backport][3.8] Add secure proxy support in the client #6049

Merged

5 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Implement HTTPS Proxy Support #3816

Implement HTTPS Proxy Support #3816

cooperlees commented Jun 6, 2019 •

edited by webknjaz

Loading

cooperlees commented Jul 9, 2020 •

edited

Loading

webknjaz commented Jul 9, 2020

Implement HTTPS Proxy Support #3816

Implement HTTPS Proxy Support #3816

Comments

cooperlees commented Jun 6, 2019 • edited by webknjaz Loading

Long story short

Expected behaviour

Actual behaviour

Steps to reproduce

Your environment

cooperlees commented Jul 9, 2020 • edited Loading

webknjaz commented Jul 9, 2020

cooperlees commented Jun 6, 2019 •

edited by webknjaz

Loading

cooperlees commented Jul 9, 2020 •

edited

Loading