Skip to content

[Fix] Networking - allow using CA Bundles #11906

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Jun 20, 2025
Merged

[Fix] Networking - allow using CA Bundles #11906

merged 2 commits into from
Jun 20, 2025

Conversation

ishaan-jaff
Copy link
Contributor

@ishaan-jaff ishaan-jaff commented Jun 19, 2025
edited
Loading

[Fix] Networking - allow using CA Bundles

This PR enhances the HTTP transport by allowing custom CA bundles (via certifi) for SSL verification in aiohttp, improving flexibility around SSL configuration.

Relevant issues

Pre-Submission checklist

Please complete all items before asking a LiteLLM maintainer to review your PR

  • I have Added testing in the tests/litellm/ directory, Adding at least 1 test is a hard requirement - see details
  • I have added a screenshot of my new test passing locally
  • My PR passes all unit tests on make test-unit
  • My PR's scope is as isolated as possible, it only solves 1 specific problem

Type

🐛 Bug Fix
✅ Test

Changes

@vercel Vercel
Copy link

vercel bot commented Jun 19, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
litellm ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 20, 2025 0:02am

@ishaan-jaff ishaan-jaff requested a review from Copilot June 20, 2025 00:11
Copilot
Copilot AI reviewed Jun 20, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR enhances the HTTP transport by allowing custom CA bundles (via certifi) for SSL verification in aiohttp, improving flexibility around SSL configuration.

  • Introduce _get_ssl_context to generate an SSL context using certifi’s CA bundle
  • Add _get_ssl_connector_kwargs to centralize connector arguments based on ssl_context and ssl_verify
  • Update _create_aiohttp_transport to use the new helper and add tests for SSL context behavior

Reviewed Changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File Description
tests/test_litellm/llms/custom_httpx/test_http_handler.py Added unit and integration tests for _get_ssl_context
litellm/llms/custom_httpx/http_handler.py Added _get_ssl_context and _get_ssl_connector_kwargs, updated transport creation to use them
Comments suppressed due to low confidence (2)

litellm/llms/custom_httpx/http_handler.py:537

  • [nitpick] The new helper _get_ssl_connector_kwargs has multiple branches (custom ssl_context, ssl_verify=False, and default context) that are not covered by tests. Consider adding unit tests to validate each branch's behavior.
    def _get_ssl_connector_kwargs(

tests/test_litellm/llms/custom_httpx/test_http_handler.py:8

  • The test references ssl.SSLContext and patches ssl.create_default_context but ssl is not imported, causing a NameError. Please add import ssl at the top of the test file.
import certifi

@ishaan-jaff ishaan-jaff merged commit d4b3454 into main Jun 20, 2025
40 of 46 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@ishaan-jaff