Seth Michael Larson

You'd have to manually do this with a cookiejar currently, our `HTTPResponse` is compatible to be used by the standard library cookiejar. urllib3 doesn't have helpers currently for this.

Went through how `HTTP[S]ConnectionPool` uses `HTTP[S]Connection` and found the following methods and parameters in use: ```python import socket from urllib3.util import Timeout from urllib3.response import BaseHTTPResponse class BaseHTTPConnection: http_version: str...

FYI: Need to go back and look at the changes made in https://github.com/urllib3/urllib3/pull/2251 after this lands to update usages of `HTTPConnection` to `BaseHTTPConnection`.

Thanks for raising these questions @bluetech, despite this issue looking like it's completely fleshed out it's almost certainly not 100% covered. Lots of discovery left to do. - Yes `set_tunnel()`...

Removing the bounty from this parent issue and going to create sub-issues so this work is easier to scope for individuals.

@IvanLauLinTiong I uploaded the package `urllib3-secure-extra` to PyPI not long ago: https://pypi.org/project/urllib3-secure-extra You'd add this package to our `[secure]` extra and then if it's importable (via `import urllib3_secure_extra`) then you...

@IvanLauLinTiong We wouldn't yank the package, it would only serve as a marker to show that the `[secure]` extra was installed. Instead of the warning being inside of `urllib3_secure_extra` module...

Thanks @IvanLauLinTiong! I'll look to close these issues if they're no longer necessary.

Because that would break old versions' reproducibility unnecessarily? The break can happen at the time the actual code and extra are removed just as well.

Yanks won't break if you're installing via `pip install urllib3_secure_extra==...` but that's not how the `[secure]` extra depends on the package. So if someone was installing via `python -m pip...