From 35f343206c59c9556ff801f0aad443387f7987b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mike=20F=C3=A4hrmann?= <mike_faehrmann@web.de>
Date: Fri, 3 May 2019 17:21:01 +0200
Subject: [PATCH] update default SSL cipher list in urllib3 < 1.25

Cloudflare now also checks the client's SSL/TLS cipher capabilities and
produces a 403: Forbidden response with CAPTCHA if they are insufficient.

This commit replaces the default cipher list in urllib3 < 1.25 with the
one from 1.25 (1), which doesn't cause problems as long as the client
platform actually supports these ciphers. On some platforms (tested with
Python 3.4 on Linux and Python 3.7 on an outdated Windows 7 VM) it is
necessary to install pyOpenSSL to get everything to work.

Explicitly setting a minimum/maximum version for urllib3 is also no
longer necessary and installing gallery-dl will therefore not pull a
incompatible urllib3 version (#229)

Fixes the "403: Forbidden" error on Artstation (#227)

(1) https://github.com/urllib3/urllib3/commit/0cedb3b0f1e5d79c89c6db767c534b064b794cf2
---
 gallery_dl/extractor/common.py | 30 ++++++++++++++++++++++++++++++
 requirements.txt               |  3 +--
 setup.py                       |  3 +--
 3 files changed, 32 insertions(+), 4 deletions(-)

diff --git a/gallery_dl/extractor/common.py b/gallery_dl/extractor/common.py
index d61f1020..a54f945c 100644
--- a/gallery_dl/extractor/common.py
+++ b/gallery_dl/extractor/common.py
@@ -402,3 +402,33 @@ def generate_extractors(extractor_data, symtable, classes):
 # (This allows the use of Wget-generated cookiejars without modification)
 http.cookiejar.MozillaCookieJar.magic_re = re.compile(
     "#( Netscape)? HTTP Cookie File", re.IGNORECASE)
+
+# Update default cipher list of urllib3 < 1.25
+# to fix issues with Cloudflare and, by extension, Artstation (#227)
+try:
+    import urllib3
+except ImportError:
+    pass
+else:
+    if urllib3.__version__ < "1.25":
+        from urllib3.util import ssl_
+        logging.getLogger("gallery-dl").debug(
+            "updating default urllib3 ciphers")
+        # cipher list taken from urllib3 1.25
+        # https://github.com/urllib3/urllib3/blob/1.25/src/urllib3/util/ssl_.py
+        ssl_.DEFAULT_CIPHERS = (
+            "ECDHE+AESGCM:"
+            "ECDHE+CHACHA20:"
+            "DHE+AESGCM:"
+            "DHE+CHACHA20:"
+            "ECDH+AESGCM:"
+            "DH+AESGCM:"
+            "ECDH+AES:"
+            "DH+AES:"
+            "RSA+AESGCM:"
+            "RSA+AES:"
+            "!aNULL:"
+            "!eNULL:"
+            "!MD5:"
+            "!DSS"
+        )
diff --git a/requirements.txt b/requirements.txt
index 5301ca87..f9f5cd88 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,2 +1 @@
-requests>=2.11.0, <2.22.0
-urllib3>=1.16, <1.25, !=1.24.1, !=1.24.2
+requests>=2.11.0
diff --git a/setup.py b/setup.py
index 7485f375..8299811d 100644
--- a/setup.py
+++ b/setup.py
@@ -102,8 +102,7 @@ setup(
     license="GPLv2",
     python_requires=">=3.4",
     install_requires=[
-        "requests>=2.11.0, <2.22.0",
-        "urllib3>=1.16, <1.25, !=1.24.1, !=1.24.2",
+        "requests>=2.11.0",
     ],
     packages=[
         "gallery_dl",