Verify a SSL certificate. This method should not be called from user code, and is only exposed for use when subclassing the :class:`HTTPAdapter <requests.adapters.HTTPAdapter>`. :param conn: The urllib3 connection object associated with the cert. :param url: The requ
(
self, conn: Any, url: str, verify: _t.VerifyType, cert: _t.CertType
)
| 305 | return manager |
| 306 | |
| 307 | def cert_verify( |
| 308 | self, conn: Any, url: str, verify: _t.VerifyType, cert: _t.CertType |
| 309 | ) -> None: |
| 310 | """Verify a SSL certificate. This method should not be called from user |
| 311 | code, and is only exposed for use when subclassing the |
| 312 | :class:`HTTPAdapter <requests.adapters.HTTPAdapter>`. |
| 313 | |
| 314 | :param conn: The urllib3 connection object associated with the cert. |
| 315 | :param url: The requested URL. |
| 316 | :param verify: Either a boolean, in which case it controls whether we verify |
| 317 | the server's TLS certificate, or a string, in which case it must be a path |
| 318 | to a CA bundle to use |
| 319 | :param cert: The SSL certificate to verify. |
| 320 | """ |
| 321 | if url.lower().startswith("https") and verify: |
| 322 | cert_loc = None |
| 323 | |
| 324 | # Allow self-specified cert location. |
| 325 | if verify is not True: |
| 326 | cert_loc = verify |
| 327 | |
| 328 | if not cert_loc: |
| 329 | cert_loc = DEFAULT_CA_BUNDLE_PATH |
| 330 | |
| 331 | if not cert_loc or not os.path.exists(cert_loc): |
| 332 | raise OSError( |
| 333 | f"Could not find a suitable TLS CA certificate bundle, " |
| 334 | f"invalid path: {cert_loc}" |
| 335 | ) |
| 336 | |
| 337 | conn.cert_reqs = "CERT_REQUIRED" |
| 338 | |
| 339 | if not os.path.isdir(cert_loc): |
| 340 | conn.ca_certs = cert_loc |
| 341 | else: |
| 342 | conn.ca_cert_dir = cert_loc |
| 343 | else: |
| 344 | conn.cert_reqs = "CERT_NONE" |
| 345 | conn.ca_certs = None |
| 346 | conn.ca_cert_dir = None |
| 347 | |
| 348 | if cert: |
| 349 | if not isinstance(cert, basestring): |
| 350 | conn.cert_file = cert[0] |
| 351 | conn.key_file = cert[1] |
| 352 | else: |
| 353 | conn.cert_file = cert |
| 354 | conn.key_file = None |
| 355 | if conn.cert_file and not os.path.exists(conn.cert_file): |
| 356 | raise OSError( |
| 357 | f"Could not find the TLS certificate file, " |
| 358 | f"invalid path: {conn.cert_file}" |
| 359 | ) |
| 360 | if conn.key_file and not os.path.exists(conn.key_file): |
| 361 | raise OSError( |
| 362 | f"Could not find the TLS key file, invalid path: {conn.key_file}" |
| 363 | ) |
| 364 |