Bug: `verify` parameter not passed to HTTP transport, breaking SSL verification control

[dgunning]

The _get_httpx_transport_params() method in HttpxThrottleCache only extracts http2 and proxy parameters but ignores the verify parameter. This prevents users from disabling SSL verification, even when explicitly configured.

Environment

• httpxthrottlecache version: 0.2.1
• Python version: 3.11 (affects all versions)
• httpx version: 0.25.0+

Impact

Users behind corporate VPNs or proxies with SSL inspection cannot disable SSL verification, making the library unusable in these environments. This is a critical issue for enterprise users.

Root Cause

In httpxthrottlecache/httpxclientmanager.py, line ~173:

def _get_httpx_transport_params(self, params: dict[str, Any]):
    http2 = params.get("http2", False)
    proxy = self.proxy

    return {"http2": http2, "proxy": proxy}  # ❌ Missing 'verify' parameter!

The method only returns http2 and proxy, so even when httpx_params["verify"] = False is set, it never reaches the actual HTTP transport.

Reproduction

from httpxthrottlecache import HttpxThrottleCache

# Create manager with verify=False in httpx_params
mgr = HttpxThrottleCache(
    cache_dir="/tmp/test",
    cache_mode="Disabled",
    httpx_params={"verify": False, "http2": False}
)

# Get transport params
transport_params = mgr._get_httpx_transport_params(mgr.httpx_params)

print(transport_params)
# Expected: {'http2': False, 'proxy': None, 'verify': False}
# Actual:   {'http2': False, 'proxy': None}  ❌ Missing 'verify'!

# This causes SSL verification to remain enabled even though the user disabled it

Expected Behavior

The verify parameter should be extracted from params and included in the returned dictionary so it gets passed to httpx.HTTPTransport() and httpx.AsyncHTTPTransport().

Proposed Fix

def _get_httpx_transport_params(self, params: dict[str, Any]):
    http2 = params.get("http2", False)
    proxy = self.proxy
    verify = params.get("verify", True)  # ✅ Extract verify parameter

    return {"http2": http2, "proxy": proxy, "verify": verify}  # ✅ Include in return

Workaround

For now, edgartools has implemented a monkey patch as a temporary workaround:

def _patched_get_httpx_transport_params(self, params: dict[str, Any]) -> dict[str, Any]:
    http2 = params.get("http2", False)
    proxy = self.proxy
    verify = params.get("verify", True)
    return {"http2": http2, "proxy": proxy, "verify": verify}

HttpxThrottleCache._get_httpx_transport_params = _patched_get_httpx_transport_params

See: https://github.com/dgunning/edgartools/blob/main/edgar/httpclient.py#L25-L55

Additional Context

This bug affects both:

• _get_transport() → RateLimitingTransport / httpx.HTTPTransport (sync)
• _get_async_transport() → AsyncRateLimitingTransport / httpx.AsyncHTTPTransport (async)

Both methods call _get_httpx_transport_params() to get the transport parameters, so fixing this one method fixes both code paths.

Related Issues

• User report in edgartools: Corporate VPN/SSL inspection preventing library usage
• Also affects: Any parameter that should be passed to the transport (e.g., cert for client certificates, though verify is the most critical)

Would you like me to submit a pull request with the fix?

[paultiq]

fixed in #40