Skip to content

2.32.5 breaks passing custom SSL context #7040

New issue
New issue
Open
#7044
Open
2.32.5 breaks passing custom SSL context#7040
#7044
@Tasssadar

Description

@Tasssadar
Tasssadar
opened on Oct 6, 2025

2.32.5 change 90fee08 breaks passing of custom ssl context using an adapter like this:

class SSLContextAdapter(requests.adapters.HTTPAdapter):
    @override
    def init_poolmanager(self, *args: Any, **kwargs: Any) -> Any:
        kwargs["ssl_context"] = ssl.create_default_context()
        return super().init_poolmanager(*args, **kwargs)  # type: ignore

ssl_adapter = SSLContextAdapter()
session.mount("https://", ssl_adapter)

Now, if verify=True, the code in

requests/src/requests/adapters.py

Lines 292 to 313 in 90fee08

if url.lower().startswith("https") and verify:
cert_loc = None
# Allow self-specified cert location.
if verify is not True:
cert_loc = verify
if not cert_loc:
cert_loc = extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH)
if not cert_loc or not os.path.exists(cert_loc):
raise OSError(
f"Could not find a suitable TLS CA certificate bundle, "
f"invalid path: {cert_loc}"
)
conn.cert_reqs = "CERT_REQUIRED"
if not os.path.isdir(cert_loc):
conn.ca_certs = cert_loc
else:
conn.ca_cert_dir = cert_loc
always sets ca_certs, which causes urllib3 to modify the ssl_context by loading more certs into it here.

EDIT: I can be fixed by overriding also cert_verify:

class SSLContextAdapter(requests.adapters.HTTPAdapter):
    @override
    def init_poolmanager(self, *args: Any, **kwargs: Any) -> Any:
        kwargs["ssl_context"] = ssl.create_default_context()
        return super().init_poolmanager(*args, **kwargs)  # type: ignore

    @override
    def cert_verify(self, *_args: Any, **_kwargs: Any) -> None:
        pass


ssl_adapter = SSLContextAdapter()
session.mount("https://", ssl_adapter)

I'd say this belongs to documentation and needs some tests, so that future changes don't break it again - will prepare a PR if I'll have time.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions