Skip to content

Commit

Permalink
Fix/refactor default cert loading
Browse files Browse the repository at this point in the history
  • Loading branch information
jkbrzt committed Nov 1, 2024
1 parent ff74258 commit 2ef4a57
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 10 deletions.
17 changes: 14 additions & 3 deletions httpie/compat.py
Original file line number Diff line number Diff line change
@@ -1,16 +1,16 @@
import sys
from ssl import SSLContext
from typing import Any, Optional, Iterable

from httpie.cookies import HTTPieCookiePolicy
from http import cookiejar # noqa
from http import cookiejar # noqa


# Request does not carry the original policy attached to the
# cookie jar, so until it is resolved we change the global cookie
# policy. <https://github.com/psf/requests/issues/5449>
cookiejar.DefaultCookiePolicy = HTTPieCookiePolicy


is_windows = 'win32' in str(sys.platform).lower()
is_frozen = getattr(sys, 'frozen', False)

Expand Down Expand Up @@ -66,7 +66,6 @@ def __get__(self, instance, cls=None):
res = instance.__dict__[self.name] = self.func(instance)
return res


# importlib_metadata was a provisional module, so the APIs changed quite a few times
# between 3.8-3.10. It was also not included in the standard library until 3.8, so
# we install the backport for <3.8.
Expand Down Expand Up @@ -100,3 +99,15 @@ def get_dist_name(entry_point: importlib_metadata.EntryPoint) -> Optional[str]:
return None
else:
return metadata.get('name')


def ensure_default_certs_loaded(ssl_context: SSLContext) -> None:
"""
Workaround for a bug in Requests 2.32.3
See <https://github.com/httpie/cli/issues/1583>
"""
if hasattr(ssl_context, 'load_default_certs'):
if not ssl_context.get_ca_certs():
ssl_context.load_default_certs()
13 changes: 6 additions & 7 deletions httpie/ssl_.py
Original file line number Diff line number Diff line change
@@ -1,13 +1,15 @@
import ssl
from typing import NamedTuple, Optional

from httpie.adapters import HTTPAdapter
# noinspection PyPackageRequirements
from urllib3.util.ssl_ import (
create_urllib3_context,
resolve_ssl_version,
)

from .adapters import HTTPAdapter
from .compat import ensure_default_certs_loaded


SSL_VERSION_ARG_MAPPING = {
'ssl2.3': 'PROTOCOL_SSLv23',
Expand Down Expand Up @@ -71,19 +73,16 @@ def _create_ssl_context(
ssl_version: str = None,
ciphers: str = None,
) -> 'ssl.SSLContext':
context = create_urllib3_context(
ssl_context = create_urllib3_context(
ciphers=ciphers,
ssl_version=resolve_ssl_version(ssl_version),
# Since we are using a custom SSL context, we need to pass this
# here manually, even though it’s also passed to the connection
# in `super().cert_verify()`.
cert_reqs=ssl.CERT_REQUIRED if verify else ssl.CERT_NONE
)
if not context.get_ca_certs():
# Workaround for a bug in requests 2.32.3
# See <https://github.com/httpie/cli/issues/1583>
context.load_default_certs()
return context
ensure_default_certs_loaded(ssl_context)
return ssl_context

@classmethod
def get_default_ciphers_names(cls):
Expand Down

0 comments on commit 2ef4a57

Please sign in to comment.