From 7a19076d8578211feb342f6dbacfbde98e527a1d Mon Sep 17 00:00:00 2001
From: Brett Holman <bholman.devel@gmail.com>
Date: Thu, 15 Aug 2024 06:20:48 -0600
Subject: [PATCH] Do not load ssl context during import

---
 src/requests/adapters.py | 30 +++++++++++++++++-------------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/src/requests/adapters.py b/src/requests/adapters.py
index 9a58b16025..d78f31a17e 100644
--- a/src/requests/adapters.py
+++ b/src/requests/adapters.py
@@ -74,17 +74,20 @@ def SOCKSProxyManager(*args, **kwargs):
 DEFAULT_POOL_TIMEOUT = None
 
 
-try:
-    import ssl  # noqa: F401
-
-    _preloaded_ssl_context = create_urllib3_context()
-    _preloaded_ssl_context.load_verify_locations(
-        extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH)
-    )
-except ImportError:
-    # Bypass default SSLContext creation when Python
-    # interpreter isn't built with the ssl module.
-    _preloaded_ssl_context = None
+_cached_ssl_context = None
+def load_cached_ssl_context():
+    global _cached_ssl_context
+    try:
+        import ssl  # noqa: F401
+
+        _cached_ssl_context = create_urllib3_context()
+        _cached_ssl_context.load_verify_locations(
+            extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH)
+        )
+    except ImportError:
+        # Bypass default SSLContext creation when Python
+        # interpreter isn't built with the ssl module.
+        _cached_ssl_context = None
 
 
 def _urllib3_request_context(
@@ -103,15 +106,16 @@ def _urllib3_request_context(
     # to optimize performance on standard requests.
     poolmanager_kwargs = getattr(poolmanager, "connection_pool_kw", {})
     has_poolmanager_ssl_context = poolmanager_kwargs.get("ssl_context")
+    load_cached_ssl_context()
     should_use_default_ssl_context = (
-        _preloaded_ssl_context is not None and not has_poolmanager_ssl_context
+        _cached_ssl_context is not None and not has_poolmanager_ssl_context
     )
 
     cert_reqs = "CERT_REQUIRED"
     if verify is False:
         cert_reqs = "CERT_NONE"
     elif verify is True and should_use_default_ssl_context:
-        pool_kwargs["ssl_context"] = _preloaded_ssl_context
+        pool_kwargs["ssl_context"] = _cached_ssl_context
     elif isinstance(verify, str):
         if not os.path.isdir(verify):
             pool_kwargs["ca_certs"] = verify