Fix `verify=False`, `cert=...` case. (#3442)

author Tom Christie <tom@tomchristie.com>

Wed, 4 Dec 2024 11:29:09 +0000 (11:29 +0000)

committer GitHub <noreply@github.com>

Wed, 4 Dec 2024 11:29:09 +0000 (11:29 +0000)
author Tom Christie <tom@tomchristie.com>
Wed, 4 Dec 2024 11:29:09 +0000 (11:29 +0000)
committer GitHub <noreply@github.com>
Wed, 4 Dec 2024 11:29:09 +0000 (11:29 +0000)
diff --git a/CHANGELOG.md b/CHANGELOG.md

index 060013b0f3cb930eeb721543ebf5218c75ebee4b..4f1233ef8b64a0bf20f1a8b43c8e8bb192b245de 100644 (file)
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
  
  The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
  
+## Dev
+
+* Fix SSL case where `verify=False` together with client side certificates.
+ 
  ## 0.28.0 (28th November, 2024)
  
  The 0.28 release includes a limited set of deprecations.
diff --git a/httpx/_config.py b/httpx/_config.py

index dbd2b46cd1e41a5688c11d33d4196f5ad17abcf3..467a6c90ae269babe3af7963d9d7c78b9f012268 100644 (file)
--- a/httpx/_config.py
+++ b/httpx/_config.py
@@ -39,10 +39,9 @@ def create_ssl_context(
              # Default case...
              ctx = ssl.create_default_context(cafile=certifi.where())
      elif verify is False:
-        ssl_context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
-        ssl_context.check_hostname = False
-        ssl_context.verify_mode = ssl.CERT_NONE
-        return ssl_context
+        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+        ctx.check_hostname = False
+        ctx.verify_mode = ssl.CERT_NONE
      elif isinstance(verify, str):  # pragma: nocover
          message = (
              "`verify=<str>` is deprecated. "
author	Tom Christie <tom@tomchristie.com>
	Wed, 4 Dec 2024 11:29:09 +0000 (11:29 +0000)
committer	GitHub <noreply@github.com>
	Wed, 4 Dec 2024 11:29:09 +0000 (11:29 +0000)
CHANGELOG.md		patch \| blob \| blame \| history
httpx/_config.py		patch \| blob \| blame \| history