Description
Context
In Python 3.13 ssl.create_default_context() sets ssl.VERIFY_X509_PARTIAL_CHAIN and ssl.VERIFY_X509_STRICT but create_urllib3_context() does not. This causes confusion when trying to connect to an HTTPS server that uses a certificate that is not RFC 5280 compliant. urllib3 succeeds to connect while other ssl python code does not.
create_urllib3_context() should set ssl.VERIFY_X509_PARTIAL_CHAIN and ssl.VERIFY_X509_STRICT when sys.version_info >= (3, 13)
Alternatives
Base create_urllib3_context() on ssl.create_default_context() to avoid discrepancies like this in the future.
Duplicate
Contribution
Would you be willing to submit a PR?
Yes