Skip to content

Commit

Permalink
Don't create default SSLContext if ssl module isn't present
Browse files Browse the repository at this point in the history
  • Loading branch information
nateprewitt committed May 28, 2024
1 parent 145b539 commit e597efe
Showing 1 changed file with 19 additions and 5 deletions.
24 changes: 19 additions & 5 deletions src/requests/adapters.py
Original file line number Diff line number Diff line change
Expand Up @@ -73,10 +73,18 @@ def SOCKSProxyManager(*args, **kwargs):
DEFAULT_RETRIES = 0
DEFAULT_POOL_TIMEOUT = None

_preloaded_ssl_context = create_urllib3_context()
_preloaded_ssl_context.load_verify_locations(
extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH)
)

try:
import ssl # noqa: F401

_preloaded_ssl_context = create_urllib3_context()
_preloaded_ssl_context.load_verify_locations(
extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH)
)
except ImportError:
# Bypass default SSLContext creation when Python interpreter
# interpreter isn't built with the ssl module.
_preloaded_ssl_context = None


def _urllib3_request_context(
Expand All @@ -90,13 +98,19 @@ def _urllib3_request_context(
parsed_request_url = urlparse(request.url)
scheme = parsed_request_url.scheme.lower()
port = parsed_request_url.port

# Determine if we have and should use our default SSLContext
# to optimize performance on standard requests.
poolmanager_kwargs = getattr(poolmanager, "connection_pool_kw", {})
has_poolmanager_ssl_context = poolmanager_kwargs.get("ssl_context")
should_use_default_ssl_context = (
_preloaded_ssl_context is not None and not has_poolmanager_ssl_context
)

cert_reqs = "CERT_REQUIRED"
if verify is False:
cert_reqs = "CERT_NONE"
elif verify is True and not has_poolmanager_ssl_context:
elif verify is True and should_use_default_ssl_context:
pool_kwargs["ssl_context"] = _preloaded_ssl_context
elif isinstance(verify, str):
if not os.path.isdir(verify):
Expand Down

0 comments on commit e597efe

Please sign in to comment.