Explicitly load default certificates when creating SSL context (httpi…

…e#1583) Requests prior to 2.32.3 always loaded the default (system-wide) set of trusted certificates into custom SSL contexts. 2.32.3 no longer does. This has broken a lot of users, but the fix is moving slowly upstream due to security considerations - see psf/requests#6730 and psf/requests#6731 . As suggested at psf/requests#6710 (comment) this can be worked around by explicitly loading the default certificates into the context. We check the method exists before calling it just to be safe, but I'm pretty sure it's been there as long as this interface has existed. Signed-off-by: Adam Williamson <awilliam@redhat.com>
AdamWill · Sep 4, 2024 · eb7a56f · eb7a56f
1 parent f4cf43e
commit eb7a56f
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/httpie/ssl_.py b/httpie/ssl_.py
@@ -48,6 +48,8 @@ def __init__(
             ssl_version=ssl_version,
             ciphers=ciphers,
         )
+        if getattr(self._ssl_context, 'load_default_certs', None) is not None:
+            self._ssl_context.load_default_certs()
         super().__init__(**kwargs)
 
     def init_poolmanager(self, *args, **kwargs):