fix: convert CA bundle path to ssl.SSLContext to avoid httpx deprecation warning

httpx emits a DeprecationWarning when verify=<str> is passed, recommending ssl.SSLContext instead. This affected both our httpx client factories and the caldav library passthrough. Changed get_nextcloud_ssl_verify() to return bool | ssl.SSLContext instead of bool | str by constructing an SSLContext when NEXTCLOUD_CA_BUNDLE is set. All downstream consumers (httpx, caldav) natively accept ssl.SSLContext. Also fixed app password endpoint tests that used overly broad MagicMock (auto-generated truthy nextcloud_ca_bundle attribute). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 13:27:22 +01:00
parent 1707b2e6e1
commit 1a4486a388
3 changed files with 58 additions and 17 deletions
@@ -2,6 +2,7 @@ import logging
 import logging.config
 import os
 import socket
+import ssl
 from dataclasses import dataclass
 from enum import Enum
 from typing import Any, Optional
@@ -596,17 +597,18 @@ def get_settings() -> Settings:
    )


-def get_nextcloud_ssl_verify() -> bool | str:
+def get_nextcloud_ssl_verify() -> bool | ssl.SSLContext:
    """Return the SSL verification setting for Nextcloud connections.

    Returns:
        - False if NEXTCLOUD_VERIFY_SSL=false (disable verification)
-        - CA bundle path if NEXTCLOUD_CA_BUNDLE is set (custom CA)
+        - ssl.SSLContext if NEXTCLOUD_CA_BUNDLE is set (custom CA)
        - True otherwise (default system CA verification)
    """
    settings = get_settings()
    if not settings.nextcloud_verify_ssl:
        return False
    if settings.nextcloud_ca_bundle:
-        return settings.nextcloud_ca_bundle
+        ctx = ssl.create_default_context(cafile=settings.nextcloud_ca_bundle)
+        return ctx
    return True