Skip to content

Commit

Permalink
Merge pull request #6074 from nateprewitt/curl_ca_bundle
Browse files Browse the repository at this point in the history
Fix environment CA Bundle resolution
  • Loading branch information
sigmavirus24 authored Feb 26, 2022
2 parents 5e74954 + 79c4a01 commit 79f6027
Show file tree
Hide file tree
Showing 2 changed files with 49 additions and 6 deletions.
19 changes: 13 additions & 6 deletions requests/sessions.py
Original file line number Diff line number Diff line change
Expand Up @@ -702,20 +702,27 @@ def merge_environment_settings(self, url, proxies, stream, verify, cert):
for (k, v) in env_proxies.items():
proxies.setdefault(k, v)

# Look for requests environment configuration and be compatible
# with cURL.
# Look for requests environment configuration
# and be compatible with cURL.
if verify is True or verify is None:
verify = (os.environ.get('REQUESTS_CA_BUNDLE') or
os.environ.get('CURL_CA_BUNDLE'))
verify = (
os.environ.get('REQUESTS_CA_BUNDLE')
or os.environ.get('CURL_CA_BUNDLE')
or verify
)

# Merge all the kwargs.
proxies = merge_setting(proxies, self.proxies)
stream = merge_setting(stream, self.stream)
verify = merge_setting(verify, self.verify)
cert = merge_setting(cert, self.cert)

return {'verify': verify, 'proxies': proxies, 'stream': stream,
'cert': cert}
return {
'proxies': proxies,
'stream': stream,
'verify': verify,
'cert': cert
}

def get_adapter(self, url):
"""
Expand Down
36 changes: 36 additions & 0 deletions tests/test_requests.py
Original file line number Diff line number Diff line change
Expand Up @@ -898,6 +898,42 @@ def test_invalid_ssl_certificate_files(self, httpbin_secure):
requests.get(httpbin_secure(), cert=('.', INVALID_PATH))
assert str(e.value) == 'Could not find the TLS key file, invalid path: {}'.format(INVALID_PATH)

@pytest.mark.parametrize(
'env, expected', (
({}, True),
({'REQUESTS_CA_BUNDLE': '/some/path'}, '/some/path'),
({'REQUESTS_CA_BUNDLE': ''}, True),
({'CURL_CA_BUNDLE': '/some/path'}, '/some/path'),
({'CURL_CA_BUNDLE': ''}, True),
({'REQUESTS_CA_BUNDLE': '', 'CURL_CA_BUNDLE': ''}, True),
(
{
'REQUESTS_CA_BUNDLE': '/some/path',
'CURL_CA_BUNDLE': '/curl/path',
},
'/some/path',
),
(
{
'REQUESTS_CA_BUNDLE': '',
'CURL_CA_BUNDLE': '/curl/path',
},
'/curl/path',
),
)
)
def test_env_cert_bundles(self, httpbin, mocker, env, expected):
s = requests.Session()
mocker.patch('os.environ', env)
settings = s.merge_environment_settings(
url=httpbin('get'),
proxies={},
stream=False,
verify=True,
cert=None
)
assert settings['verify'] == expected

def test_http_with_certificate(self, httpbin):
r = requests.get(httpbin(), cert='.')
assert r.status_code == 200
Expand Down

0 comments on commit 79f6027

Please sign in to comment.