Revert caching a default SSLContext #6767

nateprewitt · 2024-07-18T18:00:33Z

This PR reverts the changes from #6667 to the previous behavior. Due to the number of edge cases and concurrency issues we've encountered with this change, we've decided the benefit doesn't currently outweigh the pain to existing infrastructure. We've iterated on a few tries to keep this functionality in place, but are still receiving reports of novel issues with this behavior.

We may be able to revisit this in a later version of Requests but we'll need a much more comprehensive test plan.

nateprewitt · 2024-07-18T18:02:54Z

src/requests/adapters.py

 cert_reqs = "CERT_REQUIRED"
 if verify is False:
 cert_reqs = "CERT_NONE"
- elif verify is True and should_use_default_ssl_context:
- pool_kwargs["ssl_context"] = _preloaded_ssl_context
 elif isinstance(verify, str):
 if not os.path.isdir(verify):


This is one piece I left in place from #6667. We were unilaterally considering any verify string to be ca_certs instead of detecting if it was a directory. That seems like a miss from #6655 unless I'm missing something?

Revert caching a default SSLContext

d520f46

nateprewitt requested review from sigmavirus24 and sethmlarson July 18, 2024 18:00

nateprewitt force-pushed the remove_cached_sslcontext branch from ce40c46 to d520f46 Compare July 18, 2024 18:01

nateprewitt commented Jul 18, 2024

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Revert caching a default SSLContext #6767

Revert caching a default SSLContext #6767

nateprewitt commented Jul 18, 2024

nateprewitt Jul 18, 2024

Revert caching a default SSLContext #6767

Are you sure you want to change the base?

Revert caching a default SSLContext #6767

Conversation

nateprewitt commented Jul 18, 2024

nateprewitt Jul 18, 2024

Choose a reason for hiding this comment