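def create_ssl_context(
    verify: ssl.SSLContext | str | bool = True,
    cert: CertTypes | None = None,
    trust_env: bool = True,
) -> ssl.SSLContext:
    """Build the ``ssl.SSLContext`` used for outgoing TLS connections.

    Args:
        verify: Selects how server certificates are validated.
            ``True`` builds a default verifying context. ``False`` builds a
            context with certificate and hostname checks switched off.
            A ``str`` (deprecated) is treated as a CA directory if it is a
            directory, otherwise as a CA bundle file. Any other value is
            used as the context itself, without inspection.
        cert: Deprecated client-certificate setting. A ``str`` is passed to
            ``load_cert_chain`` as a single argument; anything else is
            unpacked into its positional arguments.
        trust_env: When true and ``verify`` is ``True``, the
            ``SSL_CERT_FILE`` / ``SSL_CERT_DIR`` environment variables
            replace the certifi bundle as the trust store.

    Returns:
        The configured context. When ``verify`` is a caller-supplied context
        the same object is returned, and ``cert`` (if given) is loaded into
        it in place.
    """
    import ssl
    import warnings

    if verify is True:
        # SECURITY: with trust_env enabled, whoever controls the process
        # environment chooses the trust anchors. Pass trust_env=False where
        # the environment is not trusted.
        if trust_env and os.environ.get("SSL_CERT_FILE"):  # pragma: nocover
            ctx = ssl.create_default_context(cafile=os.environ["SSL_CERT_FILE"])
        elif trust_env and os.environ.get("SSL_CERT_DIR"):  # pragma: nocover
            ctx = ssl.create_default_context(capath=os.environ["SSL_CERT_DIR"])
        else:
            # Default case: only this branch needs certifi, so the import is
            # kept local to it.
            import certifi

            ctx = ssl.create_default_context(cafile=certifi.where())
    elif verify is False:
        # SECURITY: no certificate validation and no hostname check. The
        # peer is unauthenticated, so the connection gives no protection
        # against an on-path attacker.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    elif isinstance(verify, str):  # pragma: nocover
        message = (
            "`verify=<str>` is deprecated. "
            "Use `verify=ssl.create_default_context(cafile=...)` "
            "or `verify=ssl.create_default_context(capath=...)` instead."
        )
        warnings.warn(message, DeprecationWarning)
        # Assign instead of returning early: an early return here skipped the
        # `cert` handling below, so a client certificate passed together
        # with `verify=<str>` was silently never loaded.
        if os.path.isdir(verify):
            ctx = ssl.create_default_context(capath=verify)
        else:
            ctx = ssl.create_default_context(cafile=verify)
    else:
        # Caller-supplied context: used as-is. Its verify_mode and
        # check_hostname settings are not checked here.
        ctx = verify

    if cert:  # pragma: nocover
        message = (
            "`cert=...` is deprecated. Use `verify=<ssl_context>` instead, "
            "with `.load_cert_chain()` to configure the certificate chain."
        )
        warnings.warn(message, DeprecationWarning)
        # NOTE: this mutates `ctx`, including a context the caller passed in.
        if isinstance(cert, str):
            ctx.load_cert_chain(cert)
        else:
            ctx.load_cert_chain(*cert)

    return ctx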
| 72 | class Timeout: |