aiobotocore icon indicating copy to clipboard operation
aiobotocore copied to clipboard

Published 20 hours ago verified publisher icon aio-libs

potential aiohttp>=4.0.0 breaking changes

Open terricain opened this issue 3 years ago • 7 comments

Describe the bug I have a suspicion we'll hit some issues when aiohttp 4.0.0 comes out judging by what I've seen in this issue https://github.com/terrycain/aioboto3/issues/237 where the user had installed 4.0.0a1.

The issue was using aiobotocore 1.3.3, where verify_ssl was an unexpected argument passed to aiohttp.TCPConnector, aiohttp.TCPConnector has since moved here but I reckon it would still have the same issue.

I shall look into this in more depth later today. Might be worth updating the dep to aiohttp>=3.3.1,<4.0.0.

terricain avatar Aug 30 '21 12:08 terricain

Running into this issue today pulling in aiobotocore 2.2.0 as a dependency to s3fs. Your pipfile specified aiohttp = "==3.7.4.post0" Will still work, but the setup.py aiohttp>=3.3.1 allows 4.0.0 to be installed which does indeed have your referenced verify_ssl issue.

jon-rosenberg-rse avatar Mar 31 '22 20:03 jon-rosenberg-rse

cool will work on this asap, probably we need to test with both versions

thehesiod avatar Mar 31 '22 22:03 thehesiod

Some news about this issue?

leandrorebelo avatar Oct 26 '22 14:10 leandrorebelo

It looks like this just broke with aiohttp 3.9.2, which includes this change: https://github.com/aio-libs/aiohttp/pull/8043

brianmedigate avatar Jan 29 '24 12:01 brianmedigate

That shouldn't be too bad a fix, I reckon https://github.com/aio-libs/aiobotocore/blob/master/aiobotocore/httpsession.py#L114 removing verify_ssl argument and changing ssl to ssl=ssl_context if ssl_context is not None else bool(verify) should suffice and satisfy the arg checking logic here https://github.com/aio-libs/aiohttp/blob/v3.9.2/aiohttp/client_reqrep.py#L156

terricain avatar Jan 29 '24 14:01 terricain

I'll look into it. There's #1077 fixing HTTPS proxy support that looks related to this issue.

jakob-keller avatar Jan 29 '24 14:01 jakob-keller

That shouldn't be too bad a fix, I reckon https://github.com/aio-libs/aiobotocore/blob/master/aiobotocore/httpsession.py#L114 removing verify_ssl argument and changing ssl to ssl=ssl_context if ssl_context is not None else bool(verify) should suffice and satisfy the arg checking logic here https://github.com/aio-libs/aiohttp/blob/v3.9.2/aiohttp/client_reqrep.py#L156

Just set the start value of ssl_context to bool(verify) instead of None. That should then be compatible with 3.9.2+ including 4+. We'll fix this this backwards-compatible breakage in 3.9.3 though, that certainly wasn't intended. We convert None in ClientSession, but missed the case where you're sending it to the connector directly.

Dreamsorcerer avatar Jan 29 '24 15:01 Dreamsorcerer