From 6ef62d0201496f306040296c77a43a7678faf749 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sun, 4 Jan 2026 20:22:02 +0100
Subject: [PATCH] Minor improvement of PKI handler

---
 data/txt/sha256sums.txt   |  4 ++--
 lib/core/settings.py      |  2 +-
 lib/request/pkihandler.py | 28 +++++++++++++++++++++++++---
 3 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt
index 21c89d821..a6bd2f122 100644
--- a/data/txt/sha256sums.txt
+++ b/data/txt/sha256sums.txt
@@ -189,7 +189,7 @@ fb0a08ac6f8bb07711e4e895eebf9fb3c8d452cc7aaebcdf78d926cdf051550d  lib/core/patch
 73ef0895d728fe76bf9abda94d4b97951069532a088d603a064e793bb2ae45d9  lib/core/replication.py
 3574639db4942d16a2dc0a2f04bb7c0913c40c3862b54d34c44075a760e0c194  lib/core/revision.py
 888daba83fd4a34e9503fe21f01fef4cc730e5cde871b1d40e15d4cbc847d56c  lib/core/session.py
-7dfde59e8efcd684be4cd84f93024554406d139d8604a0336cfac81f5f5008ac  lib/core/settings.py
+4284c63fe1589282f961392380a83990d5bf1baa41d6056bc69aa2e4ec6ab8aa  lib/core/settings.py
 cd5a66deee8963ba8e7e9af3dd36eb5e8127d4d68698811c29e789655f507f82  lib/core/shell.py
 00dc9e87db2c13d7eaf18edd503267430460d91baf76760350be545d4a387a9f  lib/core/subprocessng.py
 d35650179816193164a5f177102f18379dfbe6bb6d40fbb67b78d907b41c8038  lib/core/target.py
@@ -219,7 +219,7 @@ f56fc33251bd6214e3a6316c8f843eb192b2996aa84bd4c3e98790fdcf6e8cf0  lib/request/ht
 1966ca704961fb987ab757f0a4afddbf841d1a880631b701487c75cef63d60c3  lib/request/__init__.py
 aeeeb5f0148078e30d52208184042efc3618d3f2e840d7221897aae34315824e  lib/request/inject.py
 ada4d305d6ce441f79e52ec3f2fc23869ee2fa87c017723e8f3ed0dfa61cdab4  lib/request/methodrequest.py
-5c3edfca5ad58153ad6cface03777e059d3308b2aa3c38db993b5054145faa8e  lib/request/pkihandler.py
+43a7fdf64e7ba63c6b2d641c9f999a63c12ac23b43b64fedfce4e05b863de568  lib/request/pkihandler.py
 4efead49b76d1237c283ecf281673d8762e09575d05af2a1e24680900ca83d0b  lib/request/rangehandler.py
 47a97b264fb588142b102d18100030ce333ce372c677b97ed6cb04105c6c9d30  lib/request/redirecthandler.py
 1bf93c2c251f9c422ecf52d9cae0cd0ff4ea2e24091ee6d019c7a4f69de8e5eb  lib/request/templates.py
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 5ffab8e85..0c977ceca 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import OS
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.10.1.3"
+VERSION = "1.10.1.4"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/request/pkihandler.py b/lib/request/pkihandler.py
index 4b34bbe6d..5b1c3495e 100644
--- a/lib/request/pkihandler.py
+++ b/lib/request/pkihandler.py
@@ -5,12 +5,20 @@ Copyright (c) 2006-2026 sqlmap developers (https://sqlmap.org)
 See the file 'LICENSE' for copying permission
 """
 
+ssl = None
+try:
+    import ssl as _ssl
+    ssl = _ssl
+except ImportError:
+    pass
+
 from lib.core.data import conf
 from lib.core.common import getSafeExString
 from lib.core.exception import SqlmapConnectionException
 from thirdparty.six.moves import http_client as _http_client
 from thirdparty.six.moves import urllib as _urllib
 
+
 class HTTPSPKIAuthHandler(_urllib.request.HTTPSHandler):
     def __init__(self, auth_file):
         _urllib.request.HTTPSHandler.__init__(self)
@@ -20,10 +28,24 @@ class HTTPSPKIAuthHandler(_urllib.request.HTTPSHandler):
         return self.do_open(self.getConnection, req)
 
     def getConnection(self, host, timeout=None):
+        if timeout is None:
+            timeout = conf.timeout
+
+        if not hasattr(_http_client, "HTTPSConnection"):
+            raise SqlmapConnectionException("HTTPS support is not available in this Python build")
+
         try:
-            # Reference: https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_cert_chain
-            return _http_client.HTTPSConnection(host, cert_file=self.auth_file, key_file=self.auth_file, timeout=conf.timeout)
-        except IOError as ex:
+            if ssl and hasattr(ssl, "SSLContext") and hasattr(ssl, "create_default_context"):
+                ctx = ssl.create_default_context()
+                ctx.load_cert_chain(certfile=self.auth_file, keyfile=self.auth_file)
+                try:
+                    return _http_client.HTTPSConnection(host, timeout=timeout, context=ctx)
+                except TypeError:
+                    pass
+
+            return _http_client.HTTPSConnection(host, cert_file=self.auth_file, key_file=self.auth_file, timeout=timeout)
+
+        except (IOError, OSError) as ex:
             errMsg = "error occurred while using key "
             errMsg += "file '%s' ('%s')" % (self.auth_file, getSafeExString(ex))
             raise SqlmapConnectionException(errMsg)