Inject securetransport support into pip

Older versions of OpenSSL (before 1.0.1) did not support TLSv1.2 and in the near future PyPI will be configured to *only* support TLSv1.2+. This allows us to utilize SecureTransport on these systems where the linked OpenSSL is *not* new enough to handle TLSv1.2.

Inject securetransport support into pip
Older versions of OpenSSL (before 1.0.1) did not support TLSv1.2 and in the near future PyPI will be configured to *only* support TLSv1.2+. This allows us to utilize SecureTransport on these systems where the linked OpenSSL is *not* new enough to handle TLSv1.2.
84677844 · Donald Stufft · bf5c388a · 84677844 · 84677844
隐藏空白更改
内联并排

Showing with 21 addition and 0 deletion

news/4454.bugfix news/4454.bugfix +2 -0

pip/__init__.py pip/__init__.py +19 -0

未找到文件。
--- a/news/4454.bugfix
+++ b/news/4454.bugfix
+Fallback to using SecureTransport on macOS when the linked OpenSSL is too old to
+support TLSv1.2.
--- a/pip/__init__.py
+++ b/pip/__init__.py
@@ -20,6 +20,25 @@ import sys
 from pip._vendor.requests.packages.urllib3.exceptions import DependencyWarning
 warnings.filterwarnings("ignore", category=DependencyWarning)  # noqa

+# We want to inject the use of SecureTransport as early as possible so that any
+# references or sessions or what have you are ensured to have it, however we
+# only want to do this in the case that we're running on macOS and the linked
+# OpenSSL is too old to handle TLSv1.2
+try:
+    import ssl
+except ImportError:
+    pass
+else:
+    if (sys.platform == "darwin" and
+            ssl.OPENSSL_VERSION_NUMBER < 0x1000100f):  # OpenSSL 1.0.1
+        try:
+            from pip._vendor.requests.packages.urllib3.contrib import (
+                securetransport,
+            )
+        except (ImportError, OSError):
+            pass
+        else:
+            securetransport.inject_into_urllib3()

 from pip.exceptions import CommandError, PipError
 from pip.utils import get_installed_distributions, get_prog