The Fix
pip install requests==2.27.0
Based on closed psf/requests issue #5530 · PR/commit linked
@@ -1,7 +1,8 @@
pytest>=2.8.0,<=3.10.1
pytest-cov
-pytest-httpbin<1.0
+pytest-httpbin==1.0.0
pytest-mock==2.0.0
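Review bot: The `+pytest-httpbin==1.0.0` line replaces an upper bound with an exact pin and gives no comment saying why 1.0.0 specifically is required. If the test suite depends on the certificates that release ships, say so in a comment next to the pin, and consider a bounded range such as `pytest-httpbin>=1.0.0,<2` so downstream packagers are not forced onto a single version. The context line `pytest>=2.8.0,<=3.10.1` is unchanged, so it is also worth confirming that pytest-httpbin 1.0.0 installs and runs under that pytest ceiling.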
```python
def test_https_warnings(self, httpbin_secure, httpbin_ca_bundle):
    """warnings are emitted with requests.get"""
    if HAS_MODERN_SSL or HAS_PYOPENSSL:
        warnings_expected = ('SubjectAltNameWarning', )
    else:
        warnings_expected = ('SNIMissingWarning',
                             'InsecurePlatformWarning',
                             'SubjectAltNameWarning', )

    with pytest.warns(None) as warning_records:
        warnings.simplefilter('always')
        requests.get(httpbin_secure('status', '200'),
                     verify=httpbin_ca_bundle)

    warning_records = [item for item in warning_records
                       if item.category.__name__ != 'ResourceWarning']

    warnings_category = tuple(
        item.category.__name__ for item in warning_records)
    assert warnings_category == warnings_expected
```
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
Option A — Upgrade to fixed release
pip install requests==2.27.0
When NOT to use: Do not use this fix if you need to maintain compatibility with pytest-httpbin versions below 1.0.
Why This Fix Works in Production
- Trigger: E AssertionError: assert () == ('SubjectAltNameWarning',)
- Mechanism: Updated pytest-httpbin to version 1.0.0 to resolve issues with test_https_warnings failing due to certificate changes.
- Why the fix works: Updated pytest-httpbin to version 1.0.0 to resolve issues with test_https_warnings failing due to certificate changes. (first fixed release: 2.27.0).
- If left unfixed, this can cause silent data inconsistencies that propagate (bad cache entries, incorrect downstream decisions).
Why This Breaks in Prod
- Triggered by an upgrade/regression window: 1.0 breaks; 2.27.0 is the first fixed release.
- Shows up under Python 3.8.6 in real deployments (not just unit tests).
- Surfaces as: =================================== FAILURES ===================================
Proof / Evidence
- GitHub issue: #5530
- Fix PR: https://github.com/psf/requests/pull/5869
- First fixed release: 2.27.0
- Affected versions: 1.0
- Reproduced locally: No (not executed)
- Last verified: 2026-02-09
- Confidence: 0.85
- Did this fix it?: Yes (upstream fix exists)
- Own content ratio: 0.30
Discussion
High-signal excerpts from the issue thread (symptoms, repros, edge-cases).
“Thanks for reporting this issue, we've known of this problem for some time but would take some work to fix, would you be willing to…”
“Not sure how to approach it”
“Confirmed QA'ing www/py-requests FreeBSD port on: Pinned dependencies make it super difficult downstream, but everything appears to pass tests except this one with the latest…”
“Generating a malformed, ie one without or an invalid subjectAltName, certificate (bundle) may be the way to go here”
Failure Signature (Search String)
- E AssertionError: assert () == ('SubjectAltNameWarning',)
Error Message
Stack trace
Error Message
-------------
```
=================================== FAILURES ===================================
_______________________ TestRequests.test_https_warnings _______________________

self = <tests.test_requests.TestRequests object at 0x7fc802ebaa60>
httpbin_secure = <function prepare_url.<locals>.inner at 0x7fc8031980d0>
httpbin_ca_bundle = None

    def test_https_warnings(self, httpbin_secure, httpbin_ca_bundle):
        """warnings are emitted with requests.get"""
        if HAS_MODERN_SSL or HAS_PYOPENSSL:
            warnings_expected = ('SubjectAltNameWarning', )
        else:
            warnings_expected = ('SNIMissingWarning',
                                 'InsecurePlatformWarning',
                                 'SubjectAltNameWarning', )

        with pytest.warns(None) as warning_records:
            warnings.simplefilter('always')
            requests.get(httpbin_secure('status', '200'),
                         verify=httpbin_ca_bundle)

        warning_records = [item for item in warning_records
                           if item.category.__name__ != 'ResourceWarning']

        warnings_category = tuple(
            item.category.__name__ for item in warning_records)
        assert warnings_category == warnings_expected
E       AssertionError: assert () == ('SubjectAltNameWarning',)
E         Right contains one more item: 'SubjectAltNameWarning'
E         Full diff:
E
```
... (truncated) ...
Minimal Reproduction
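```python
import warnings

import pytest
import requests

# HAS_MODERN_SSL and HAS_PYOPENSSL are flags set elsewhere in the test
# module; httpbin_secure and httpbin_ca_bundle are pytest fixtures.


class TestRequests:
    def test_https_warnings(self, httpbin_secure, httpbin_ca_bundle):
        """warnings are emitted with requests.get"""
        if HAS_MODERN_SSL or HAS_PYOPENSSL:
            warnings_expected = ('SubjectAltNameWarning', )
        else:
            warnings_expected = ('SNIMissingWarning',
                                 'InsecurePlatformWarning',
                                 'SubjectAltNameWarning', )

        # Record every warning raised during the HTTPS request.
        with pytest.warns(None) as warning_records:
            warnings.simplefilter('always')
            requests.get(httpbin_secure('status', '200'),
                         verify=httpbin_ca_bundle)

        # Drop ResourceWarning noise, then compare category names in order.
        warning_records = [item for item in warning_records
                           if item.category.__name__ != 'ResourceWarning']
        warnings_category = tuple(
            item.category.__name__ for item in warning_records)
        assert warnings_category == warnings_expected
```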
Environment
- Python: 3.8.6
Fix Options (Details)
Option A — Upgrade to fixed release (safe default, recommended)
pip install requests==2.27.0
Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.
Fix reference: https://github.com/psf/requests/pull/5869
First fixed release: 2.27.0
Last verified: 2026-02-09. Validate in your environment.
When NOT to Use This Fix
- Do not use this fix if you need to maintain compatibility with pytest-httpbin versions below 1.0.
Verify Fix
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
Prevention
- Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
- Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.
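The checks such a smoke test relies on, as an added example (not code from psf/requests or pytest-httpbin): `fetch_peer_cert` performs a real handshake with CA-bundle and hostname validation, and `san_status` reports whether the returned certificate lacks a subjectAltName, the condition that SubjectAltNameWarning flags. The function names and the sample certificate dicts are constructed for illustration.

```python
import socket
import ssl


def fetch_peer_cert(host, port=443, cafile=None, timeout=5.0):
    """Handshake with CA-bundle validation and hostname checking enabled.

    Raises ssl.SSLCertVerificationError if the chain or hostname is rejected.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def dns_match(pattern, hostname):
    """Exact match, or one leftmost '*' label standing in for one label."""
    p, h = pattern.lower().split("."), hostname.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def san_status(cert, hostname):
    """Classify a getpeercert()-style dict for `hostname`.

    'no-san'       no subjectAltName entries (what SubjectAltNameWarning flagged)
    'san-match'    a DNS or IP Address entry covers the hostname
    'san-mismatch' entries exist but none covers the hostname
    """
    entries = cert.get("subjectAltName", ())
    if not entries:
        return "no-san"
    for kind, value in entries:
        if kind == "DNS" and dns_match(value, hostname):
            return "san-match"
        if kind == "IP Address" and value == hostname:
            return "san-match"
    return "san-mismatch"


# Constructed samples in the shape getpeercert() returns (not real certificates).
CN_ONLY_CERT = {"subject": ((("commonName", "127.0.0.1"),),)}
SAN_CERT = {"subject": ((("commonName", "localhost"),),),
            "subjectAltName": (("DNS", "localhost"), ("IP Address", "127.0.0.1"))}
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.example.com"),)}
```

In CI, call `fetch_peer_cert` against the endpoint under test and fail the job when `san_status` returns anything other than `san-match`.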
Version Compatibility Table
| Version | Status |
|---|---|
| 1.0 | Broken |
| 2.27.0 | Fixed |