
Explicitly load default certificates when creating SSL context (#1583)

Open AdamWill opened this issue 1 year ago • 3 comments

Requests prior to 2.32.3 always loaded the default (system-wide) set of trusted certificates into custom SSL contexts. 2.32.3 no longer does. This has broken a lot of users, but the fix is moving slowly upstream due to security considerations - see https://github.com/psf/requests/issues/6730 and https://github.com/psf/requests/pull/6731 .

As suggested at https://github.com/psf/requests/pull/6710#issuecomment-2137802782 this can be worked around by explicitly loading the default certificates into the context. We check the method exists before calling it just to be safe; it was added in Python 3.4.

Also, drop the dependency pin as it's no longer needed with this workaround.

AdamWill avatar Sep 04 '24 00:09 AdamWill

Tweaked to only do anything if there are no certs loaded into the context already, just in case there's some way you could cause custom certs to be used via an environment variable or something.

AdamWill avatar Sep 06 '24 22:09 AdamWill
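
The workaround described in the two posts above, sketched with only the standard-library `ssl` module. This is an added example, not the code from this PR: `ensure_default_certs`, `make_client_context` and `FakeContext` are hypothetical names, and using `cert_store_stats()` to decide that a context has no certificates yet is an assumption.

```python
import ssl


def ensure_default_certs(ctx):
    """Load the system trust store into ctx only if ctx holds no certs yet.

    Returns True if load_default_certs() was called, False otherwise.
    """
    # load_default_certs() was added in Python 3.4; do nothing on objects
    # that do not provide it.
    load = getattr(ctx, "load_default_certs", None)
    if load is None:
        return False
    # Assumption: an empty store is detected through cert_store_stats().
    # Certificates reachable only through a capath directory are loaded
    # lazily and are not counted here.
    if ctx.cert_store_stats().get("x509", 0):
        return False  # trust anchors already supplied; leave them alone
    load()
    return True


def make_client_context():
    """Build a verifying client context the way a custom adapter might."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking,
    # but the context starts with an empty certificate store.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ensure_default_certs(ctx)
    return ctx


class FakeContext:
    """Constructed stand-in for a context with a known number of certs."""

    def __init__(self, x509):
        self._x509 = x509
        self.loads = 0

    def cert_store_stats(self):
        return {"x509": self._x509, "x509_ca": self._x509, "crl": 0}

    def load_default_certs(self):
        self.loads += 1


if __name__ == "__main__":
    ctx = make_client_context()
    print("verify_mode:", ctx.verify_mode.name, "check_hostname:", ctx.check_hostname)
    print("store after loading defaults:", ctx.cert_store_stats())
    print("custom store touched:", ensure_default_certs(FakeContext(x509=1)))
```

The returned flag makes it easy to log whether a given context fell back to the system trust store or kept caller-supplied CAs.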

Please merge soon!

hinricht avatar Sep 18 '24 08:09 hinricht

I just confronted this problem, really appreciate the fix.
I am wondering if somebody could help merge this PR.

IceCodeNew avatar Sep 26 '24 07:09 IceCodeNew