Fix client for HTTPS endpoints for python 3.12

abhinavsingh · Aug 12, 2024 · 0a2dc9f · 0a2dc9f
1 parent 74c42f6
commit 0a2dc9f
Showing 1 changed file with 18 additions and 13 deletions.
diff --git a/proxy/http/client.py b/proxy/http/client.py
@@ -11,9 +11,14 @@
 import ssl
 from typing import Optional
 
+import certifi
+
 from .parser import HttpParser, httpParserTypes
+from ..common.types import TcpOrTlsSocket
 from ..common.utils import build_http_request, new_socket_connection
-from ..common.constants import HTTPS_PROTO, DEFAULT_TIMEOUT
+from ..common.constants import (
+    HTTPS_PROTO, DEFAULT_TIMEOUT, DEFAULT_SSL_CONTEXT_OPTIONS,
+)
 
 
 def client(
@@ -41,18 +46,18 @@ def client(
         conn = new_socket_connection((host.decode(), port))
     except ConnectionRefusedError:
         return None
-    try:
-        sock = (
-            ssl.wrap_socket(sock=conn, ssl_version=ssl.PROTOCOL_TLSv1_2)
-            if scheme == HTTPS_PROTO
-            else conn
-        )
-    except Exception:
-        conn.close()
-        return None
-    parser = HttpParser(
-        httpParserTypes.RESPONSE_PARSER,
-    )
+    sock: TcpOrTlsSocket = conn
+    if scheme == HTTPS_PROTO:
+        try:
+            ctx = ssl.SSLContext(protocol=(ssl.PROTOCOL_TLS_CLIENT))
+            ctx.options |= DEFAULT_SSL_CONTEXT_OPTIONS
+            ctx.verify_mode = ssl.CERT_REQUIRED
+            ctx.load_verify_locations(cafile=certifi.where())
+            sock = ctx.wrap_socket(conn, server_hostname=host.decode())
+        except Exception:
+            conn.close()
+            return None
+    parser = HttpParser(httpParserTypes.RESPONSE_PARSER)
     sock.settimeout(timeout)
     try:
         sock.sendall(request)