Skip to content

google-auth: prevent custom transport crash on malformed certs during ssl_context creation #17622

Description

@nbayati

Summary of the issue

Right now in aio.sessions, configure_mtls_channel() eager-loads the cert and tries to build the ssl_context right away. The problem is it does this before even checking if the underlying transport is actually an AiohttpRequest.

If someone passes in a custom transport and happens to have a broken cert, the app crashes trying to parse it, even though the custom transport wasn't even going to use that context anyway.

Proposed fix

We should just check isinstance(self._auth_request, aiohttp_requests.Request) before calling make_client_cert_ssl_context.

Affected Files

  • google/auth/transport/aio/sessions.py

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions