Skip to content

Revert caching a default SSLContext #6767

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 13, 2025
Merged

Revert caching a default SSLContext #6767

merged 2 commits into from
Jun 13, 2025

Conversation

nateprewitt
Copy link
Member

This PR reverts the changes from #6667 to the previous behavior. Due to the number of edge cases and concurrency issues we've encountered with this change, we've decided the benefit doesn't currently outweigh the pain to existing infrastructure. We've iterated on a few tries to keep this functionality in place, but are still receiving reports of novel issues with this behavior.

We may be able to revisit this in a later version of Requests but we'll need a much more comprehensive test plan.

@nateprewitt nateprewitt force-pushed the remove_cached_sslcontext branch from ce40c46 to d520f46 Compare July 18, 2024 18:01
nateprewitt
nateprewitt commented Jul 18, 2024
View reviewed changes
This was referenced Jul 29, 2024
Merged
Closed
@nateprewitt nateprewitt marked this pull request as ready for review September 25, 2024 14:53
@seproDev seproDev mentioned this pull request Feb 7, 2025
Open
@compumike compumike mentioned this pull request Feb 9, 2025
Open
@stianjensen
Copy link

Is this still planned to be reverted?

@Conobi
Copy link

Conobi commented Jun 2, 2025

I would also suggest to revert it ASAP.
This unsafe caching can make some applications vulnerable to DOS attack when using mTLS authentication, causing Python to crash.
In its current version, requests cannot be used safely in mTLS scenarios.

@sethmlarson sethmlarson removed their request for review June 2, 2025 12:59
@Conobi Conobi mentioned this pull request Jun 3, 2025
Open
@dkliban
Copy link

dkliban commented Jun 13, 2025

@sigmavirus24 I applied this PR as a patch to my server and it stopped the core dumps i was experiencing. When is this going to be merged and released?

@nateprewitt
Copy link
Member Author

@dkliban It should go out with the next release. We'll update once we have a clearer timeline, we'll see what we can do next week.

@nateprewitt nateprewitt merged commit 90fee08 into psf:main Jun 13, 2025
29 checks passed
@nateprewitt nateprewitt deleted the remove_cached_sslcontext branch June 13, 2025 16:42
This was referenced Jun 13, 2025
Closed
Closed
Closed
Closed
@adbuerger adbuerger mentioned this pull request Jun 13, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sigmavirus24 sigmavirus24 sigmavirus24 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@nateprewitt @stianjensen @Conobi @dkliban @sigmavirus24