Summary of the issue
Right now in aio.sessions, configure_mtls_channel() eager-loads the cert and tries to build the ssl_context right away. The problem is it does this before even checking if the underlying transport is actually an AiohttpRequest.
If someone passes in a custom transport and happens to have a broken cert, the app crashes trying to parse it, even though the custom transport wasn't even going to use that context anyway.
Proposed fix
We should just check isinstance(self._auth_request, aiohttp_requests.Request) before calling make_client_cert_ssl_context.
Affected Files
google/auth/transport/aio/sessions.py
Summary of the issue
Right now in
aio.sessions,configure_mtls_channel()eager-loads the cert and tries to build thessl_contextright away. The problem is it does this before even checking if the underlying transport is actually anAiohttpRequest.If someone passes in a custom transport and happens to have a broken cert, the app crashes trying to parse it, even though the custom transport wasn't even going to use that context anyway.
Proposed fix
We should just check
isinstance(self._auth_request, aiohttp_requests.Request)before callingmake_client_cert_ssl_context.Affected Files
google/auth/transport/aio/sessions.py