All commit authors signed the Contributor License Agreement.

Most changes to Pythonrequire a NEWS entry. Add one using theblurb_it web app or theblurb command-line tool.

If this change has little impact on Python users, wait for a maintainer to apply theskip news label instead.

cc@picnixz (cryptography expert)

We are still missing the What's New entry and the modified NEWS entry.

We are still missing the What's New entry and the modified NEWS entry.

my bad, fixed

We may also need an additional.. versionchanged:: next in the docs to mention SHA-256 inhttps://docs.python.org/3/library/urllib.request.html#urllib.request.AbstractDigestAuthHandler.

added

I think we'll also need a follow-up PR to update the docs because they are lacking IMO.

what docs were you thinking of? i can make a new gh issue for it, as well as the complete end-to-end http digest auth test

what docs were you thinking of? i can make a new gh issue for it, as well as the complete end-to-end http digest auth test

None of the methods of AbstractDigestAuthHandler are actually documented so we may want to document them. If someone wants to subclass this interface, they need to know its usage.

For now, let's wait for Gregory's feedback.

Thank you for your contribution Calvin and Gregory for the merge/2nd review.

⚠️⚠️⚠️ Buildbot failure⚠️⚠️⚠️

Hi! The buildbotAMD64 RHEL8 FIPS Only Blake2 Builtin Hash 3.x has failed when building commitf9a5a3a.

What do you need to do:

1. Don't panic.
2. Checkthe buildbot page in the devguide if you don't know what the buildbots are or how they work.
3. Go to the page of the buildbot that failed (https://buildbot.python.org/#/builders/469/builds/9772) and take a look at the build logs.
4. Check if the failure is related to this commit (f9a5a3a) or if it is a false positive.
5. If the failure is related to this commit, please, reflect that on the issue and make a new Pull Request with a fix.

You can take a look at the buildbot page here:

https://buildbot.python.org/#/builders/469/builds/9772

Failed tests:

• test_urllib2

Failed subtests:

• test_md5_algorithm - test.test_urllib2.TestDigestAlgorithms.test_md5_algorithm

Summary of the results of the build (if available):

==

Traceback (most recent call last):  File"/home/buildbot/buildarea/3.x.cstratak-RHEL8-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/test/test_urllib2.py", line1972, intest_md5_algorithmself.assertEqual(H("foo"),"acbd18db4cc2f85cedef654fccc4a4d8")~^^^^^^^  File"/home/buildbot/buildarea/3.x.cstratak-RHEL8-fips-x86_64.no-builtin-hashes-except-blake2/build/Lib/urllib/request.py", line1182, in<lambda>    H=lambdax: hashlib.md5(x.encode("ascii")).hexdigest()~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^ValueError:[digital envelope routines: EVP_DigestInit_ex] disabled for FIPS

i'm not surprised at that buildbot error. it is running in an unrealistic config without critical hash functions. we'll ultimately just need to decorate the test to indicate that it requires md5, sha1, and sha256 - skipping it otherwise. (see test_hashlib)

I'll do it tomorrow (it's almost midnight here and I'm no more on my dev session) or someone else somewhere else can add the decorators. However, maybe we should revert the commit just to avoid other PRs to have the buildbot failure in the meantime?

No worries. That buildbot is an unstable unsupported configuration, no need to revert anything.

It's there solely so that we can use it to identify and clean up test dependency declaration issueseventually. It doesn't block anything.