Skip to content

Commit

Permalink
Explicitly load default certificates when creating SSL context (httpi…
Browse files Browse the repository at this point in the history
…e#1583)

Requests prior to 2.32.3 always loaded the default (system-wide)
set of trusted certificates into custom SSL contexts. 2.32.3 no
longer does. This has broken a lot of users, but the fix is
moving slowly upstream due to security considerations - see
psf/requests#6730 and
psf/requests#6731 .

As suggested at
psf/requests#6710 (comment)
this can be worked around by explicitly loading the default
certificates into the context. We check the method exists before
calling it just to be safe, it was added in Python 3.4.

Signed-off-by: Adam Williamson <[email protected]>
  • Loading branch information
AdamWill committed Sep 6, 2024
1 parent f4cf43e commit 2eaac78
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions httpie/ssl_.py
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,13 @@ def __init__(
ssl_version=ssl_version,
ciphers=ciphers,
)
# workaround for a bug in requests 2.32.3, see:
# https://github.com/httpie/cli/issues/1583
if getattr(self._ssl_context, 'load_default_certs', None) is not None:
# if load_default_certs is present, get_ca_certs must be
# also, no need for another getattr
if not self._ssl_context.get_ca_certs():
self._ssl_context.load_default_certs()
super().__init__(**kwargs)

def init_poolmanager(self, *args, **kwargs):
Expand Down

0 comments on commit 2eaac78

Please sign in to comment.