Urllib3-future

===================

* CVE-2016-9015. Users who are using urllib3 version 1.17 or 1.18 along with
PyOpenSSL injection and OpenSSL 1.1.0 *must* upgrade to this version. This
release fixes a vulnerability whereby urllib3 in the above configuration
would silently fail to validate TLS certificates due to erroneously setting
invalid flags in OpenSSL's ``SSL_CTX_set_verify`` function. These erroneous
flags do not cause a problem in OpenSSL versions before 1.1.0, which
interprets the presence of any flag as requesting certificate validation.

There is no PR for this patch, as it was prepared for simultaneous disclosure
and release. The master branch received the same fix in Pull 1010.

=================

* Fixed incorrect message for IncompleteRead exception. (Pull 973)

* Accept ``iPAddress`` subject alternative name fields in TLS certificates.
(Issue 258)

* Fixed consistency of ``HTTPResponse.closed`` between Python 2 and 3.
(Issue 977)

* Fixed handling of wildcard certificates when using PyOpenSSL. (Issue 979)

=================

* Accept ``SSLContext`` objects for use in SSL/TLS negotiation. (Issue 835)

* ConnectionPool debug log now includes scheme, host, and port. (Issue 897)

* Substantially refactored documentation. (Issue 887)

* Used URLFetch default timeout on AppEngine, rather than hardcoding our own.
(Issue 858)

* Normalize the scheme and host in the URL parser (Issue 833)

* ``HTTPResponse`` contains the last ``Retry`` object, which now also
contains retries history. (Issue 848)

* Timeout can no longer be set as boolean, and must be greater than zero.
(Pull 924)

* Removed pyasn1 and ndg-httpsclient from dependencies used for PyOpenSSL. We
now use cryptography and idna, both of which are already dependencies of
PyOpenSSL. (Pull 930)

* Fixed infinite loop in ``stream`` when amt=None. (Issue 928)

* Try to use the operating system's certificates when we are using an
``SSLContext``. (Pull 941)

* Updated cipher suite list to allow ChaCha20+Poly1305. AES-GCM is preferred to
ChaCha20, but ChaCha20 is then preferred to everything else. (Pull 947)

* Updated cipher suite list to remove 3DES-based cipher suites. (Pull 958)

* Removed the cipher suite fallback to allow HIGH ciphers. (Pull 958)

* Implemented ``length_remaining`` to determine remaining content
to be read. (Pull 949)

* Implemented ``enforce_content_length`` to enable exceptions when
incomplete data chunks are received. (Pull 949)

* Dropped connection start, dropped connection reset, redirect, forced retry,
and new HTTPS connection log levels to DEBUG, from INFO. (Pull 967)

=================

* Disable IPv6 DNS when IPv6 connections are not possible. (Issue 840)

* Provide ``key_fn_by_scheme`` pool keying mechanism that can be
overridden. (Issue 830)

* Normalize scheme and host to lowercase for pool keys, and include
``source_address``. (Issue 830)

* Cleaner exception chain in Python 3 for ``_make_request``.
(Issue 861)

* Fixed installing ``urllib3[socks]`` extra. (Issue 864)

* Fixed signature of ``ConnectionPool.close`` so it can actually safely be
called by subclasses. (Issue 873)

* Retain ``release_conn`` state across retries. (Issues 651, 866)

* Add customizable ``HTTPConnectionPool.ResponseCls``, which defaults to
``HTTPResponse`` but can be replaced with a subclass. (Issue 879)

===================

* Fix packaging to include backports module. (Issue 841)

=================

* Added Retry(raise_on_status=False). (Issue 720)

* Always use setuptools, no more distutils fallback. (Issue 785)

* Dropped support for Python 3.2. (Issue 786)

* Chunked transfer encoding when requesting with ``chunked=True``.
(Issue 790)

* Fixed regression with IPv6 port parsing. (Issue 801)

* Append SNIMissingWarning messages to allow users to specify it in
the PYTHONWARNINGS environment variable. (Issue 816)

* Handle unicode headers in Py2. (Issue 818)

* Log certificate when there is a hostname mismatch. (Issue 820)

* Preserve order of request/response headers. (Issue 821)