Fix environment CA Bundle resolution

2026-06-05 22:50:18 +00:00 · 2022-02-25 11:25:20 -07:00
parent 5e749546a2
commit 79c4a017fe
2 changed files with 49 additions and 6 deletions
@@ -702,11 +702,14 @@ class Session(SessionRedirectMixin):
            for (k, v) in env_proxies.items():
                proxies.setdefault(k, v)

-            # Look for requests environment configuration and be compatible
-            # with cURL.
+            # Look for requests environment configuration
+            # and be compatible with cURL.
            if verify is True or verify is None:
-                verify = (os.environ.get('REQUESTS_CA_BUNDLE') or
-                          os.environ.get('CURL_CA_BUNDLE'))
+                verify = (
+                    os.environ.get('REQUESTS_CA_BUNDLE')
+                    or os.environ.get('CURL_CA_BUNDLE')
+                    or verify
+                )

        # Merge all the kwargs.
        proxies = merge_setting(proxies, self.proxies)
@@ -714,8 +717,12 @@ class Session(SessionRedirectMixin):
        verify = merge_setting(verify, self.verify)
        cert = merge_setting(cert, self.cert)

-        return {'verify': verify, 'proxies': proxies, 'stream': stream,
-                'cert': cert}
+        return {
+            'proxies': proxies,
+            'stream': stream,
+            'verify': verify,
+            'cert': cert
+        }

    def get_adapter(self, url):
        """
@@ -898,6 +898,42 @@ class TestRequests:
            requests.get(httpbin_secure(), cert=('.', INVALID_PATH))
        assert str(e.value) == 'Could not find the TLS key file, invalid path: {}'.format(INVALID_PATH)

+    @pytest.mark.parametrize(
+        'env, expected', (
+            ({}, True),
+            ({'REQUESTS_CA_BUNDLE': '/some/path'}, '/some/path'),
+            ({'REQUESTS_CA_BUNDLE': ''}, True),
+            ({'CURL_CA_BUNDLE': '/some/path'}, '/some/path'),
+            ({'CURL_CA_BUNDLE': ''}, True),
+            ({'REQUESTS_CA_BUNDLE': '', 'CURL_CA_BUNDLE': ''}, True),
+            (
+                {
+                    'REQUESTS_CA_BUNDLE': '/some/path',
+                    'CURL_CA_BUNDLE': '/curl/path',
+                },
+                '/some/path',
+            ),
+            (
+                {
+                    'REQUESTS_CA_BUNDLE': '',
+                    'CURL_CA_BUNDLE': '/curl/path',
+                },
+                '/curl/path',
+            ),
+        )
+    )
+    def test_env_cert_bundles(self, httpbin, mocker, env, expected):
+        s = requests.Session()
+        mocker.patch('os.environ', env)
+        settings = s.merge_environment_settings(
+            url=httpbin('get'),
+            proxies={},
+            stream=False,
+            verify=True,
+            cert=None
+        )
+        assert settings['verify'] == expected
+
    def test_http_with_certificate(self, httpbin):
        r = requests.get(httpbin(), cert='.')
        assert r.status_code == 200