Context

In Python 3.13 ssl.create_default_context() sets ssl.VERIFY_X509_PARTIAL_CHAIN and ssl.VERIFY_X509_STRICT but create_urllib3_context() does not. This causes confusion when trying to connect to an HTTPS server that uses a certificate that is not RFC 5280 compliant. urllib3 succeeds to connect while other ssl python code does not.

create_urllib3_context() should set ssl.VERIFY_X509_PARTIAL_CHAIN and ssl.VERIFY_X509_STRICT when sys.version_info >= (3, 13)

Alternatives

Base create_urllib3_context() on ssl.create_default_context() to avoid discrepancies like this in the future.

Duplicate

#712

Contribution

Would you be willing to submit a PR?
Yes