httpx icon indicating copy to clipboard operation
httpx copied to clipboard
verified publisher icon encode

Update default proxy construction in HTTPTransport to include SSL context

Open DHerls opened this issue 11 months ago • 1 comments

Summary

When a user created an HTTPTransport and supplied a URL for their proxy, the SSLContext was not passed to the created proxy. This caused some confusion when I ran into it the first time.

Now, the SSLContext is passed to the proxy when constructing by default.

Checklist

  • [x] I understand that this PR may be closed in case there was no previous discussion. (This doesn't apply to typos!)
  • [x] I've added a test for each change that was introduced, and I tried as much as possible to make a single atomic change.
  • [x] I've updated the documentation accordingly.

DHerls avatar Feb 14 '25 18:02 DHerls

Communication between client and local proxies is usually performed unencrypted

Coupling default SSL context by default would however result in httpx attempting to establish TLS connections to proxies by default.

A caller should better create a Prox() instance explicitly and pass it to Client() on instantiation, in case encrypted client<->proxy communication is required.

Also local proxies may require different, possibly self-signed?, special purpose certificates, which should probably not be leaked to default SSL context under all circumstances.

deathaxe avatar Jul 06 '25 20:07 deathaxe