Recently I was usingrequests_toolbelt alongside therequests library, more specifically, I was leveraging theHostHeaderSSLAdapter fromrequests_toolbelt to make sure I could request a private URL endpoint (e.g.https://1.2.3.4:5678/api/check) with the custom SNI and self-signed CA certificate.
It works great until I try to request the same thing with a proxy, and it starts to occur the SSL verification exception as follows:

requests.exceptions.SSLError:HTTPSConnectionPool(host='1.2.3.4',port=5678):Maxretriesexceededwithurl:/api/check_token (CausedbySSLError(SSLCertVerificationError(1,"[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: IP address mismatch, certificate is not valid for '1.2.3.4:'. (_ssl.c:1006)")))

I thought this was a bug related to therequests_toolbelt at first, like the existing bug report#276, but after doing some digging, I'm pretty sure it is bound to therequests itself, hence I report the bug here and a PR that for it later.

Expected Result

Everything works the same way with or without a proxy.

Actual Result

• Private URL endpoint + custom SNI + self-signed CA ✅
• Private URL endpoint + custom SNI + self-signed CA +HTTP Proxy ❌

Reproduction Steps

importrequestsfromrequests_toolbelt.adapters.host_header_sslimportHostHeaderSSLAdaptersession=requests.Session()session.trust_env=Falsesession.mount('https://',HostHeaderSSLAdapter())# Modify http://127.0.0.1:20809 to your actual proxy urlsession.proxies.update({'https':'http://127.0.0.1:20809','http':'http://127.0.0.1:20809'})# Modify https://1.2.3.4:5678/api/check to your actual private URL endpointresp=session.get('https://1.2.3.4:5678/api/check',headers={'Host':'{YOUR_HOST_NAME}'},verify='{YOUR_SELF_SIGNED_CA_FILE}')print(resp.status_code,resp.content)

System Information

No need