Fix issue 6652: Raise aiohttp.ServerFingerprintMismatch exception o… #6653

Merged
merged 21 commits into from
Sep 30, 2024

Contributor

@gangj gangj commented Mar 9, 2022

Fix issue 6652: Raise aiohttp.ServerFingerprintMismatch exception on client-side if request through http proxy with mismatching server fingerprint digest

What do these changes do?

Fix issue 6652: Raise aiohttp.ServerFingerprintMismatch exception on client-side if request through http proxy with mismatching server fingerprint digest

Are there changes in behavior for the user?

Users will be able to verify server certificate fingerprint for requests which go through http proxy

Related issue number

Fixes #6652

Checklist

  • I think the code is well written
  • Unit tests for the changes exist
  • Documentation reflects the changes
  • If you provide code modification, please add yourself to CONTRIBUTORS.txt
    • The format is <Name> <Surname>.
    • Please keep alphabetical order, the file is sorted by names.
  • Add a new news fragment into the CHANGES folder
    • name it <issue_id>.<type> for example (588.bugfix)
    • if you don't have an issue_id change it to the pr id after creating the pr
    • ensure type is one of the following:
      • .feature: Signifying a new feature.
      • .bugfix: Signifying a bug fix.
      • .doc: Signifying a documentation improvement.
      • .removal: Signifying a deprecation or removal of public API.
      • .misc: A ticket has been closed, but it is not of interest to users.
    • Make sure to use full sentences with correct case and punctuation, for example: "Fix issue with non-ascii contents in doctest text files."
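
An added example, not code from this pull request or from aiohttp: a standard-library sketch of the check the fix concerns, where the SHA-256 pin is compared against the certificate presented inside the proxy's CONNECT tunnel. `PinMismatch`, `check_pin`, `connect_request` and `open_pinned_tunnel` are hypothetical names, and the pin is assumed to be the only trust anchor.

```python
import hashlib
import socket
import ssl


class PinMismatch(Exception):
    """Hypothetical stand-in for aiohttp.ServerFingerprintMismatch."""
    def __init__(self, expected, got, host, port):
        super().__init__(f"{host}:{port} expected {expected.hex()}, got {got.hex()}")
        self.expected, self.got, self.host, self.port = expected, got, host, port


def check_pin(der_cert, expected, host, port):
    """Raise PinMismatch unless SHA-256(der_cert) equals the 32-byte pin."""
    if len(expected) != 32:
        raise ValueError("pin must be a SHA-256 digest (32 bytes)")
    got = hashlib.sha256(der_cert).digest()
    if got != expected:
        raise PinMismatch(expected, got, host, port)


def connect_request(host, port):
    """Bytes asking an HTTP proxy for a raw tunnel to host:port."""
    return f"CONNECT {host}:{port} HTTP/1.1\r\nHost: {host}:{port}\r\n\r\n".encode("ascii")


def open_pinned_tunnel(proxy, host, port, expected, timeout=10.0):
    """Return a TLS socket to host:port via the proxy at (proxy_host, proxy_port).

    The certificate that gets hashed is the origin server's, seen inside the tunnel.
    """
    sock = socket.create_connection(proxy, timeout=timeout)
    try:
        sock.sendall(connect_request(host, port))
        reply = b""
        while b"\r\n\r\n" not in reply:
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("proxy closed the connection during CONNECT")
            reply += chunk
        if reply.split(b" ", 2)[1:2] != [b"200"]:
            raise ConnectionError(f"proxy refused CONNECT: {reply[:40]!r}")
        # Assumption: the pin is the only trust anchor, so CA validation is off.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        sock = ctx.wrap_socket(sock, server_hostname=host)
        check_pin(sock.getpeercert(binary_form=True), expected, host, port)
        return sock
    except BaseException:
        sock.close()
        raise
```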

…n client-side if request through http proxy with mismatching server fingerprint digest
@psf-chronographer psf-chronographer bot added the bot:chronographer:provided There is a change note present in this PR label Mar 9, 2022
@Dreamsorcerer
Member

Can we add a test to cover this case?

@codecov

codecov bot commented Mar 11, 2022

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.56%. Comparing base (2628256) to head (fd02612).
Report is 5 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #6653   +/-   ##
=======================================
  Coverage   98.56%   98.56%           
=======================================
  Files         107      107           
  Lines       34949    34981   +32     
  Branches     4139     4150   +11     
=======================================
+ Hits        34446    34478   +32     
  Misses        335      335           
  Partials      168      168           
Flag Coverage Δ
CI-GHA 98.44% <100.00%> (+<0.01%) ⬆️
OS-Linux 98.10% <100.00%> (+<0.01%) ⬆️
OS-Windows 96.51% <100.00%> (+<0.01%) ⬆️
OS-macOS 97.79% <100.00%> (-0.01%) ⬇️
Py-3.10.11 97.66% <96.96%> (-0.01%) ⬇️
Py-3.10.15 97.60% <96.96%> (-0.01%) ⬇️
Py-3.11.10 97.66% <100.00%> (+<0.01%) ⬆️
Py-3.11.9 97.74% <100.00%> (+<0.01%) ⬆️
Py-3.12.6 98.15% <100.00%> (+<0.01%) ⬆️
Py-3.13.0-rc.2 98.14% <100.00%> (+<0.01%) ⬆️
Py-3.9.13 97.56% <96.96%> (-0.01%) ⬇️
Py-3.9.20 97.50% <96.96%> (-0.01%) ⬇️
Py-pypy7.3.16 97.12% <96.96%> (-0.01%) ⬇️
VM-macos 97.79% <100.00%> (-0.01%) ⬇️
VM-ubuntu 98.10% <100.00%> (+<0.01%) ⬆️
VM-windows 96.51% <100.00%> (+<0.01%) ⬆️


@gangj
Contributor Author

gangj commented Mar 12, 2022

> Can we add a test to cover this case?

OK, will have a try.

@gangj
Contributor Author

gangj commented Mar 18, 2022

> Can we add a test to cover this case?

I have added a test, "test_https_connect_fingerprint_mismatch"; please help review it, thanks!

@gangj
Contributor Author

gangj commented Mar 18, 2022

Hi,

There remains one item in the checklist, "Documentation reflects the changes", that is not done yet. But I checked the related documentation, and it seems there is no need to add documentation for this bug fix. Any ideas?

Thanks!

@Dreamsorcerer Dreamsorcerer added the backport-3.11 Trigger automatic backporting to the 3.11 release branch by Patchback robot label Sep 29, 2024
@Dreamsorcerer Dreamsorcerer merged commit e3b1011 into aio-libs:master Sep 30, 2024
38 of 39 checks passed
Contributor

patchback bot commented Sep 30, 2024

Backport to 3.11: 💔 cherry-picking failed — conflicts found

❌ Failed to cleanly apply e3b1011 on top of patchback/backports/3.11/e3b1011f2146ad0faa4c3d3c29f26b73e1400564/pr-6653

Backporting merged PR #6653 into master

  1. Ensure you have a local repo clone of your fork. Unless you cloned it
    from the upstream, this would be your origin remote.
  2. Make sure you have an upstream repo added as a remote too. In these
    instructions you'll refer to it by the name upstream. If you don't
    have it, here's how you can add it:
    $ git remote add upstream https://github.com/aio-libs/aiohttp.git
  3. Ensure you have the latest copy of upstream and prepare a branch
    that will hold the backported code:
    $ git fetch upstream
    $ git checkout -b patchback/backports/3.11/e3b1011f2146ad0faa4c3d3c29f26b73e1400564/pr-6653 upstream/3.11
  4. Now, cherry-pick PR Fix issue 6652: Raise aiohttp.ServerFingerprintMismatch exception o… #6653 contents into that branch:
    $ git cherry-pick -x e3b1011f2146ad0faa4c3d3c29f26b73e1400564
    If it'll yell at you with something like fatal: Commit e3b1011f2146ad0faa4c3d3c29f26b73e1400564 is a merge but no -m option was given., add -m 1 as follows instead:
    $ git cherry-pick -m1 -x e3b1011f2146ad0faa4c3d3c29f26b73e1400564
  5. At this point, you'll probably encounter some merge conflicts. You must
    resolve them in to preserve the patch from PR Fix issue 6652: Raise aiohttp.ServerFingerprintMismatch exception o… #6653 as close to the
    original as possible.
  6. Push this branch to your fork on GitHub:
    $ git push origin patchback/backports/3.11/e3b1011f2146ad0faa4c3d3c29f26b73e1400564/pr-6653
  7. Create a PR, ensure that the CI is green. If it's not — update it so that
    the tests and any other checks pass. This is it!
    Now relax and wait for the maintainers to process your pull request
    when they have some cycles to do reviews. Don't worry — they'll tell you if
    any improvements are necessary when the time comes!

🤖 @patchback
I'm built with octomachinery and
my source is open — https://github.com/sanitizers/patchback-github-app.

Dreamsorcerer pushed a commit that referenced this pull request Sep 30, 2024
Dreamsorcerer added a commit that referenced this pull request Oct 1, 2024
#9363)

…… (#6653)

(cherry picked from commit e3b1011)

Co-authored-by: Gang Ji <62988402+gangj@users.noreply.github.com>
Successfully merging this pull request may close these issues.

Server certificate fingerprint is not verified when request through http proxy