2020-05-23 13:26:06 +02:00
|
|
|
import ssl
|
|
|
|
|
|
|
|
from requests.adapters import HTTPAdapter
|
|
|
|
# noinspection PyPackageRequirements
|
2020-05-23 15:01:33 +02:00
|
|
|
from urllib3.util.ssl_ import (
|
|
|
|
DEFAULT_CIPHERS, create_urllib3_context,
|
|
|
|
resolve_ssl_version,
|
|
|
|
)
|
2020-05-23 13:26:06 +02:00
|
|
|
|
|
|
|
|
|
|
|
DEFAULT_SSL_CIPHERS = DEFAULT_CIPHERS
|
|
|
|
SSL_VERSION_ARG_MAPPING = {
|
|
|
|
'ssl2.3': 'PROTOCOL_SSLv23',
|
|
|
|
'ssl3': 'PROTOCOL_SSLv3',
|
|
|
|
'tls1': 'PROTOCOL_TLSv1',
|
|
|
|
'tls1.1': 'PROTOCOL_TLSv1_1',
|
|
|
|
'tls1.2': 'PROTOCOL_TLSv1_2',
|
|
|
|
'tls1.3': 'PROTOCOL_TLSv1_3',
|
|
|
|
}
|
|
|
|
AVAILABLE_SSL_VERSION_ARG_MAPPING = {
|
|
|
|
arg: getattr(ssl, constant_name)
|
|
|
|
for arg, constant_name in SSL_VERSION_ARG_MAPPING.items()
|
|
|
|
if hasattr(ssl, constant_name)
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
class HTTPieHTTPSAdapter(HTTPAdapter):
|
2020-05-23 20:19:16 +02:00
|
|
|
def __init__(
|
|
|
|
self,
|
|
|
|
verify: bool,
|
|
|
|
ssl_version: str = None,
|
|
|
|
ciphers: str = None,
|
|
|
|
**kwargs
|
|
|
|
):
|
2020-05-23 20:30:25 +02:00
|
|
|
self._ssl_context = self._create_ssl_context(
|
|
|
|
verify=verify,
|
|
|
|
ssl_version=ssl_version,
|
2020-05-23 13:26:06 +02:00
|
|
|
ciphers=ciphers,
|
|
|
|
)
|
|
|
|
super().__init__(**kwargs)
|
|
|
|
|
|
|
|
def init_poolmanager(self, *args, **kwargs):
|
|
|
|
kwargs['ssl_context'] = self._ssl_context
|
|
|
|
return super().init_poolmanager(*args, **kwargs)
|
|
|
|
|
|
|
|
def proxy_manager_for(self, *args, **kwargs):
|
|
|
|
kwargs['ssl_context'] = self._ssl_context
|
|
|
|
return super().proxy_manager_for(*args, **kwargs)
|
2020-05-23 20:30:25 +02:00
|
|
|
|
|
|
|
@staticmethod
|
|
|
|
def _create_ssl_context(
|
|
|
|
verify: bool,
|
|
|
|
ssl_version: str = None,
|
|
|
|
ciphers: str = None,
|
|
|
|
) -> ssl.SSLContext:
|
|
|
|
return create_urllib3_context(
|
|
|
|
ciphers=ciphers,
|
|
|
|
ssl_version=resolve_ssl_version(ssl_version),
|
|
|
|
# Since we are using a custom SSL context, we need to pass this
|
|
|
|
# here manually, even though it’s also passed to the connection
|
|
|
|
# in `super().cert_verify()`.
|
|
|
|
cert_reqs=ssl.CERT_REQUIRED if verify else ssl.CERT_NONE
|
|
|
|
)
|