From 2eaac7899f28389b7c8b787ad255408fabeb7766 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Tue, 3 Sep 2024 16:58:01 -0700
Subject: [PATCH 1/2] Explicitly load default certificates when creating SSL
 context (#1583)

Requests prior to 2.32.3 always loaded the default (system-wide)
set of trusted certificates into custom SSL contexts. 2.32.3 no
longer does. This has broken a lot of users, but the fix is
moving slowly upstream due to security considerations - see
https://github.com/psf/requests/issues/6730 and
https://github.com/psf/requests/pull/6731 .

As suggested at
https://github.com/psf/requests/pull/6710#issuecomment-2137802782
this can be worked around by explicitly loading the default
certificates into the context. We check the method exists before
calling it just to be safe, it was added in Python 3.4.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
 httpie/ssl_.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/httpie/ssl_.py b/httpie/ssl_.py
index af5ca548db..33fde598bd 100644
--- a/httpie/ssl_.py
+++ b/httpie/ssl_.py
@@ -48,6 +48,13 @@ def __init__(
             ssl_version=ssl_version,
             ciphers=ciphers,
         )
+        # workaround for a bug in requests 2.32.3, see:
+        # https://github.com/httpie/cli/issues/1583
+        if getattr(self._ssl_context, 'load_default_certs', None) is not None:
+            # if load_default_certs is present, get_ca_certs must be
+            # also, no need for another getattr
+            if not self._ssl_context.get_ca_certs():
+                self._ssl_context.load_default_certs()
         super().__init__(**kwargs)
 
     def init_poolmanager(self, *args, **kwargs):

From b374fa8238f99c888ba6f8f04b0a8487e53bdaa2 Mon Sep 17 00:00:00 2001
From: Adam Williamson <awilliam@redhat.com>
Date: Tue, 3 Sep 2024 17:07:43 -0700
Subject: [PATCH 2/2] Drop the upper bound on the requests dependency again

As we can now work with requests 2.32.3+, we no longer need this
pin.

Signed-off-by: Adam Williamson <awilliam@redhat.com>
---
 setup.cfg | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/setup.cfg b/setup.cfg
index 3766339326..85490981aa 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -50,7 +50,7 @@ install_requires =
     pip
     charset_normalizer>=2.0.0
     defusedxml>=0.6.0
-    requests[socks] >=2.22.0, <=2.31.0
+    requests[socks] >=2.22.0
     Pygments>=2.5.2
     requests-toolbelt>=0.9.1
     multidict>=4.7.0