1from .ssl_ import create_urllib3_context, resolve_cert_reqs, resolve_ssl_version
2
3
4def connection_requires_http_tunnel(
5    proxy_url=None, proxy_config=None, destination_scheme=None
6):
7    """
8    Returns True if the connection requires an HTTP CONNECT through the proxy.
9
10    :param URL proxy_url:
11        URL of the proxy.
12    :param ProxyConfig proxy_config:
13        Proxy configuration from poolmanager.py
14    :param str destination_scheme:
15        The scheme of the destination. (i.e https, http, etc)
16    """
17    # If we're not using a proxy, no way to use a tunnel.
18    if proxy_url is None:
19        return False
20
21    # HTTP destinations never require tunneling, we always forward.
22    if destination_scheme == "http":
23        return False
24
25    # Support for forwarding with HTTPS proxies and HTTPS destinations.
26    if (
27        proxy_url.scheme == "https"
28        and proxy_config
29        and proxy_config.use_forwarding_for_https
30    ):
31        return False
32
33    # Otherwise always use a tunnel.
34    return True
35
36
37def create_proxy_ssl_context(
38    ssl_version, cert_reqs, ca_certs=None, ca_cert_dir=None, ca_cert_data=None
39):
40    """
41    Generates a default proxy ssl context if one hasn't been provided by the
42    user.
43    """
44    ssl_context = create_urllib3_context(
45        ssl_version=resolve_ssl_version(ssl_version),
46        cert_reqs=resolve_cert_reqs(cert_reqs),
47    )
48    if (
49        not ca_certs
50        and not ca_cert_dir
51        and not ca_cert_data
52        and hasattr(ssl_context, "load_default_certs")
53    ):
54        ssl_context.load_default_certs()
55
56    return ssl_context
57