Skip to content

Commit

Permalink
Explicitly load default certificates when creating SSL context (#1583)
Browse files Browse the repository at this point in the history
Requests prior to 2.32.3 always loaded the default (system-wide)
set of trusted certificates into custom SSL contexts. 2.32.3 no
longer does. This has broken a lot of users, but the fix is
moving slowly upstream due to security considerations - see
psf/requests#6730 and
psf/requests#6731 .

As suggested at
psf/requests#6710 (comment)
this can be worked around by explicitly loading the default
certificates into the context. We check the method exists before
calling it just to be safe, but I'm pretty sure it's been there
as long as this interface has existed.

Signed-off-by: Adam Williamson <[email protected]>
  • Loading branch information
AdamWill committed Sep 4, 2024
1 parent f4cf43e commit 6a0e0aa
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions httpie/ssl_.py
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,10 @@ def __init__(
ssl_version=ssl_version,
ciphers=ciphers,
)
# workaround for a bug in requests 2.32.3, see:
# https://github.com/httpie/cli/issues/1583
if getattr(self._ssl_context, 'load_default_certs', None) is not None:
self._ssl_context.load_default_certs()
super().__init__(**kwargs)

def init_poolmanager(self, *args, **kwargs):
Expand Down

0 comments on commit 6a0e0aa

Please sign in to comment.