Comment 0 for bug 1500768

Sicne the upgade to python 3.4.3 on trusty, I'm getting this error when using a squid proxy:
https://jenkins.qa.ubuntu.com/view/All/job/udtc-trusty-tests/1946/label=ps-trusty-desktop-amd64-1,type=large/testReport/tests.large.test_android/AndroidSDKTests/test_default_android_sdk_install/

The code is using python-requests, with verify=True for ssl connection (default). Some tests are testing that invalid certificates are rejected: https://github.com/ubuntu/ubuntu-make/blob/master/umake/network/download_center.py#L129

Rerunning the same code with previous trusty package (3.4.0~trusty1) doesn't show up this issue. It seems that SNI is broken for the trusty version of python3-requests with 3.4.3. (See the FAQ http://www.python-requests.org/en/latest/community/faq/ with "What are “hostname doesn’t match” errors?" and the stackoverflow question.

I did run a test, grabbing requests 2.7 and backporting it to trusty (I needed to as well to take python3-urllib3 willy version).

So, 3.4.3 has an incompatible change for existing projects and people with proxys are starting to see some breakage like in https://bugs.launchpad.net/ubuntu/+source/ubuntu-make/+bug/1499890.

Can we get it fix somehow, reverting the incompatible change breaking SNI (I wonder if this is "Changed in version 3.4.3: This class now performs all the necessary certificate and hostname checks by default. To revert to the previous, unverified, behavior ssl._create_unverified_context() can be passed to the context parameter." in https://docs.python.org/3/library/http.client.html or something else) so that existing code can either get a new compatible python-requests or avoid incompatible changes in python 3.4.3?