session.http: fix custom SSLContext + verify=False

[bastimeyer]

Resolves #6204

Really not sure if this is the right approach to solve this. This might just be a bug in urllib3.

When --http-no-ssl-verify is set, verify is set to False on the HTTPSession(requests.Session). This leads to cert_reqs=ssl.CERT_NONE being set on the HTTPSConnectionPool. Eventually, urllib3 will make the TLS connection and verify it. Nothing unusual so far.

However, when the user has also set --http-disable-dh, we mount a custom HTTPAdapter on the https:// scheme, which includes a custom SSLContext where the Diffie-Hellman key exchange is disabled. This SSLContext has all default values set otherwise. It will of course also be passed to the HTTPSConnectionPool and taken into account while validating the TLS connection.

The issue here is that urllib3 does the following:
https://github.com/urllib3/urllib3/blob/2.2.3/src/urllib3/connection.py#L860-L871
It tries to set the context's verify_mode attribute again, based on the cert_reqs parameter which was set on the HTTPSConnectionPool via verify=False. This however raises a ValueError, because our custom SSLContext from our custom HTTPAdapter is being used, where the default values are set, including check_hostname=True.

So when check_hostname is True and verify_mode is attempted to be set to ssl.CERT_NONE, this won't work.

Hence the HTTPAdapter.send() override of this PR, which alters the attributes of the SSLContext based on the verify value before sending the HTTPS request.

---

>>> import ssl
>>> import urllib3.util         
>>> context = urllib3.util.create_urllib3_context()
>>> context.verify_mode = ssl.CERT_NONE
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.12/ssl.py", line 679, in verify_mode
    super(SSLContext, SSLContext).verify_mode.__set__(self, value)
ValueError: Cannot set verify_mode to CERT_NONE when check_hostname is enabled.

---

master

$ streamlink --http-no-ssl-verify --http-disable-dh twitch.tv/lirik
[cli][info] Found matching plugin twitch for URL twitch.tv/lirik
error: Unable to open URL: https://gql.twitch.tv/gql (Cannot set verify_mode to CERT_NONE when check_hostname is enabled.)

PR

$ streamlink --http-no-ssl-verify --http-disable-dh twitch.tv/lirik
[cli][info] Found matching plugin twitch for URL twitch.tv/lirik
[warnings][insecurerequestwarning] Unverified HTTPS request is being made to host 'gql.twitch.tv'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
  /home/basti/venv/streamlink-312/lib/python3.12/site-packages/urllib3/connectionpool.py:1099
[warnings][insecurerequestwarning] Unverified HTTPS request is being made to host 'usher.ttvnw.net'. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#tls-warnings
  /home/basti/venv/streamlink-312/lib/python3.12/site-packages/urllib3/connectionpool.py:1099
...