earonesty · pixeebot · Sep 3, 2024 · pixeebot · Sep 3, 2024
diff --git a/redis/ocsp.py b/redis/ocsp.py
@@ -4,7 +4,6 @@
 from urllib.parse import urljoin, urlparse
 
 import cryptography.hazmat.primitives.hashes
-import requests
 from cryptography import hazmat, x509
 from cryptography.exceptions import InvalidSignature
 from cryptography.hazmat import backends
@@ -16,6 +15,7 @@
 from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat
 from cryptography.x509 import ocsp
 from redis.exceptions import AuthorizationError, ConnectionError
+from security import safe_requests
 
 
 def _verify_response(issuer_cert, ocsp_response):
@@ -268,7 +268,7 @@ def build_certificate_url(self, server, cert, issuer_cert):
     def check_certificate(self, server, cert, issuer_url):
         """Checks the validity of an ocsp server for an issuer"""
 
-        r = requests.get(issuer_url)
+        r = safe_requests.get(issuer_url)
         if not r.ok:
             raise ConnectionError("failed to fetch issuer certificate")
         der = r.content
@@ -281,7 +281,7 @@ def check_certificate(self, server, cert, issuer_url):
             "Host": urlparse(ocsp_url).netloc,
             "Content-Type": "application/ocsp-request",
         }
-        r = requests.get(ocsp_url, headers=header)
+        r = safe_requests.get(ocsp_url, headers=header)
         if not r.ok:
             raise ConnectionError("failed to fetch ocsp certificate")
         return _check_certificate(issuer_cert, r.content, True)

diff --git a/setup.py b/setup.py
@@ -37,6 +37,7 @@
     python_requires=">=3.8",
     install_requires=[
         'async-timeout>=4.0.3; python_full_version<"3.11.3"',
+        "security==1.3.1",
     ],
     classifiers=[
         "Development Status :: 5 - Production/Stable",