From 0a2dc9fff908a8c0bde3906c4721a1a04bf3902d Mon Sep 17 00:00:00 2001
From: Abhinav Singh <mailsforabhinav@gmail.com>
Date: Mon, 12 Aug 2024 13:31:10 +0530
Subject: [PATCH] Fix client for HTTPS endpoints for python 3.12

---
 proxy/http/client.py | 31 ++++++++++++++++++-------------
 1 file changed, 18 insertions(+), 13 deletions(-)

diff --git a/proxy/http/client.py b/proxy/http/client.py
index 67a87fa46c..2537dc596f 100644
--- a/proxy/http/client.py
+++ b/proxy/http/client.py
@@ -11,9 +11,14 @@
 import ssl
 from typing import Optional
 
+import certifi
+
 from .parser import HttpParser, httpParserTypes
+from ..common.types import TcpOrTlsSocket
 from ..common.utils import build_http_request, new_socket_connection
-from ..common.constants import HTTPS_PROTO, DEFAULT_TIMEOUT
+from ..common.constants import (
+    HTTPS_PROTO, DEFAULT_TIMEOUT, DEFAULT_SSL_CONTEXT_OPTIONS,
+)
 
 
 def client(
@@ -41,18 +46,18 @@ def client(
         conn = new_socket_connection((host.decode(), port))
     except ConnectionRefusedError:
         return None
-    try:
-        sock = (
-            ssl.wrap_socket(sock=conn, ssl_version=ssl.PROTOCOL_TLSv1_2)
-            if scheme == HTTPS_PROTO
-            else conn
-        )
-    except Exception:
-        conn.close()
-        return None
-    parser = HttpParser(
-        httpParserTypes.RESPONSE_PARSER,
-    )
+    sock: TcpOrTlsSocket = conn
+    if scheme == HTTPS_PROTO:
+        try:
+            ctx = ssl.SSLContext(protocol=(ssl.PROTOCOL_TLS_CLIENT))
+            ctx.options |= DEFAULT_SSL_CONTEXT_OPTIONS
+            ctx.verify_mode = ssl.CERT_REQUIRED
+            ctx.load_verify_locations(cafile=certifi.where())
+            sock = ctx.wrap_socket(conn, server_hostname=host.decode())
+        except Exception:
+            conn.close()
+            return None
+    parser = HttpParser(httpParserTypes.RESPONSE_PARSER)
     sock.settimeout(timeout)
     try:
         sock.sendall(request)