Is it necessary to monkey patch urllib3?

[matthewhampton]

Hi @brandond,

This just a question.

I am wondering why it was necessary to monkey patch urllib3 to access the peercert.

Would it not be possible to just call response._connection.sock.getpeercert(binary_form=True)?

At this point:

requests-negotiate-sspi/requests_negotiate_sspi/requests_negotiate_sspi.py

Line 94 in 37a1347

md.update(response.peercert)

Thanks!

[brandond]

If that works now, it didn't three years ago when I wrote this. Does it work now?

[matthewhampton]

I'll give it a try!

[matthewhampton]

Ah.. I see that the response object there is a requests.models.Response - rather than a urllib3.connection.VerifiedHTTPSConnection...

This is a way that it would be possible to achieve the same effect using the Transport Adapter APIs from requests:

from requests.adapters import HTTPAdapter

class HttpNegotiateAdapter(HTTPAdapter):

    def build_response(self, req, resp):
        peercert = self._get_response_peercert(resp)
        response = super(HttpNegotiateAdapter, self).build_response(req, resp)
        response.peercert = peercert
        return response

    def _get_response_peercert(self, resp):
        try:
            return resp.connection.sock.getpeercert(binary_form=True)
        except AttributeError as e:
            return None

And then, for usage:

import requests
from requests_negotiate_sspi import HttpNegotiateAuth, HttpNegotiateAdapter

s = requests.Session()
s.mount("https://", HttpNegotiateAdapter())
r = s.get('https://iis.contoso.com', auth=HttpNegotiateAuth())

See https://requests.readthedocs.io/en/master/user/advanced/#transport-adapters

[brandond]

Looks great, want to put in a PR?