fix: Patch preloaded SSL context for requests library

requests 2.32.0 introduced a preloaded SSL context, which needs to be patched manually unfortunately
sethmlarson · Dec 2, 2024 · e3d91ee · e3d91ee
1 parent 5ae2476
commit e3d91ee
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/src/truststore/_api.py b/src/truststore/_api.py
@@ -34,6 +34,7 @@ def inject_into_ssl() -> None:
     module by replacing :class:`ssl.SSLContext`.
     """
     setattr(ssl, "SSLContext", SSLContext)
+
     # urllib3 holds on to its own reference of ssl.SSLContext
     # so we need to replace that reference too.
     try:
@@ -43,6 +44,19 @@ def inject_into_ssl() -> None:
     except ImportError:
         pass
 
+    # requests starting with 3.23.0 added a preloaded SSL context to improve concurrent performance;
+    # this unfortunately leads to a RecursionError, which can be avoided by patching the preloaded SSL context with
+    # the truststore patched instance
+    # also see https://github.com/psf/requests/pull/6667
+    try:
+        import requests.adapters
+
+        preloaded_context = getattr(requests.adapters, "_preloaded_ssl_context", None)
+        if preloaded_context is not None:
+            setattr(requests.adapters, "_preloaded_ssl_context", SSLContext(ssl.PROTOCOL_TLS_CLIENT))
+    except ImportError:
+        pass
+
 
 def extract_from_ssl() -> None:
     """Restores the :class:`ssl.SSLContext` class to its original state"""