From 7a19076d8578211feb342f6dbacfbde98e527a1d Mon Sep 17 00:00:00 2001 From: Brett Holman Date: Thu, 15 Aug 2024 06:20:48 -0600 Subject: [PATCH] Do not load ssl context during import --- src/requests/adapters.py | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/src/requests/adapters.py b/src/requests/adapters.py index 9a58b16025..d78f31a17e 100644 --- a/src/requests/adapters.py +++ b/src/requests/adapters.py @@ -74,17 +74,20 @@ def SOCKSProxyManager(*args, **kwargs): DEFAULT_POOL_TIMEOUT = None -try: - import ssl # noqa: F401 - - _preloaded_ssl_context = create_urllib3_context() - _preloaded_ssl_context.load_verify_locations( - extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH) - ) -except ImportError: - # Bypass default SSLContext creation when Python - # interpreter isn't built with the ssl module. - _preloaded_ssl_context = None +_cached_ssl_context = None +def load_cached_ssl_context(): + global _cached_ssl_context + try: + import ssl # noqa: F401 + + _cached_ssl_context = create_urllib3_context() + _cached_ssl_context.load_verify_locations( + extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH) + ) + except ImportError: + # Bypass default SSLContext creation when Python + # interpreter isn't built with the ssl module. + _cached_ssl_context = None def _urllib3_request_context( @@ -103,15 +106,16 @@ def _urllib3_request_context( # to optimize performance on standard requests. poolmanager_kwargs = getattr(poolmanager, "connection_pool_kw", {}) has_poolmanager_ssl_context = poolmanager_kwargs.get("ssl_context") + load_cached_ssl_context() should_use_default_ssl_context = ( - _preloaded_ssl_context is not None and not has_poolmanager_ssl_context + _cached_ssl_context is not None and not has_poolmanager_ssl_context ) cert_reqs = "CERT_REQUIRED" if verify is False: cert_reqs = "CERT_NONE" elif verify is True and should_use_default_ssl_context: - pool_kwargs["ssl_context"] = _preloaded_ssl_context + pool_kwargs["ssl_context"] = _cached_ssl_context elif isinstance(verify, str): if not os.path.isdir(verify): pool_kwargs["ca_certs"] = verify