| 722 | self.ca_cert_data = ca_cert_data |
| 723 | |
| 724 | def connect(self) -> None: |
| 725 | # Today we don't need to be doing this step before the /actual/ socket |
| 726 | # connection, however in the future we'll need to decide whether to |
| 727 | # create a new socket or re-use an existing "shared" socket as a part |
| 728 | # of the HTTP/2 handshake dance. |
| 729 | if self._tunnel_host is not None and self._tunnel_port is not None: |
| 730 | probe_http2_host = self._tunnel_host |
| 731 | probe_http2_port = self._tunnel_port |
| 732 | else: |
| 733 | probe_http2_host = self.host |
| 734 | probe_http2_port = self.port |
| 735 | |
| 736 | # Check if the target origin supports HTTP/2. |
| 737 | # If the value comes back as 'None' it means that the current thread |
| 738 | # is probing for HTTP/2 support. Otherwise, we're waiting for another |
| 739 | # probe to complete, or we get a value right away. |
| 740 | target_supports_http2: bool | None |
| 741 | if "h2" in ssl_.ALPN_PROTOCOLS: |
| 742 | target_supports_http2 = http2_probe.acquire_and_get( |
| 743 | host=probe_http2_host, port=probe_http2_port |
| 744 | ) |
| 745 | else: |
| 746 | # If HTTP/2 isn't going to be offered it doesn't matter if |
| 747 | # the target supports HTTP/2. Don't want to make a probe. |
| 748 | target_supports_http2 = False |
| 749 | |
| 750 | if self._connect_callback is not None: |
| 751 | self._connect_callback( |
| 752 | "before connect", |
| 753 | thread_id=threading.get_ident(), |
| 754 | target_supports_http2=target_supports_http2, |
| 755 | ) |
| 756 | |
| 757 | try: |
| 758 | sock: socket.socket | ssl.SSLSocket |
| 759 | self.sock = sock = self._new_conn() |
| 760 | server_hostname: str = self.host |
| 761 | tls_in_tls = False |
| 762 | |
| 763 | # Do we need to establish a tunnel? |
| 764 | if self.proxy_is_tunneling: |
| 765 | # We're tunneling to an HTTPS origin so need to do TLS-in-TLS. |
| 766 | if self._tunnel_scheme == "https": |
| 767 | # _connect_tls_proxy will verify and assign proxy_is_verified |
| 768 | self.sock = sock = self._connect_tls_proxy(self.host, sock) |
| 769 | tls_in_tls = True |
| 770 | elif self._tunnel_scheme == "http": |
| 771 | self.proxy_is_verified = False |
| 772 | |
| 773 | # If we're tunneling it means we're connected to our proxy. |
| 774 | self._has_connected_to_proxy = True |
| 775 | |
| 776 | self._tunnel() |
| 777 | # Override the host with the one we're requesting data from. |
| 778 | server_hostname = typing.cast(str, self._tunnel_host) |
| 779 | |
| 780 | if self.server_hostname is not None: |
| 781 | server_hostname = self.server_hostname |