Fix requests 2.32 compatibility

elastic · May 23, 2024 · d49d5dd · d49d5dd
1 parent b5157dd
commit d49d5dd
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/elastic_transport/_node/_http_requests.py b/elastic_transport/_node/_http_requests.py
@@ -169,7 +169,16 @@ def __init__(self, config: NodeConfig):
         )
         # Preload the HTTPConnectionPool so initialization issues
         # are raised here instead of in perform_request()
-        adapter.get_connection(self.base_url)  # type: ignore[no-untyped-call]
+        if hasattr(adapter, "get_connection_with_tls_context"):
+            adapter.get_connection_with_tls_context(
+                requests.Request(url=self.base_url), verify=self.session.verify
+            )
+        else:
+            # elastic-transport is not vulnerable to CVE-2024-35195 because it uses
+            # requests.Session and an SSLContext without using the verify parameter.
+            # We should remove this branch when requiring requests 2.32 or later.
+            adapter.get_connection(self.base_url)  # type: ignore [no-untyped-call]
+
         self.session.mount(prefix=f"{self.scheme}://", adapter=adapter)
 
     def perform_request(