mirror of https://github.com/pypa/pip
Fix #1680 - Use System SSL Certificates if Available
This commit is contained in:
parent
868671a62c
commit
4a8173c4ed
|
@ -45,6 +45,9 @@
|
|||
until their removal in pip v1.8. For more information please see
|
||||
https://pip.pypa.io/en/latest/reference/pip_install.html#caching
|
||||
|
||||
* Fixed :issue:`1680`. Attempt to locate system TLS certificates to use instead
|
||||
of the included CA Bundle if possible. (:pull:`1866`)
|
||||
|
||||
|
||||
**1.5.7**
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ pass on state. To be consistent, all options will follow this design.
|
|||
import copy
|
||||
from optparse import OptionGroup, SUPPRESS_HELP, Option
|
||||
from pip.locations import (
|
||||
USER_CACHE_DIR, build_prefix, default_log_file, src_prefix,
|
||||
CA_BUNDLE_PATH, USER_CACHE_DIR, build_prefix, default_log_file, src_prefix,
|
||||
)
|
||||
|
||||
|
||||
|
@ -164,7 +164,7 @@ cert = OptionMaker(
|
|||
'--cert',
|
||||
dest='cert',
|
||||
type='str',
|
||||
default='',
|
||||
default=CA_BUNDLE_PATH,
|
||||
metavar='path',
|
||||
help="Path to alternate CA bundle.")
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
import getpass
|
||||
import os
|
||||
import os.path
|
||||
import site
|
||||
import sys
|
||||
import tempfile
|
||||
|
@ -11,12 +12,46 @@ from distutils.command.install import install, SCHEME_KEYS
|
|||
|
||||
from pip import appdirs
|
||||
from pip.compat import get_path_uid
|
||||
|
||||
import pip.exceptions
|
||||
|
||||
|
||||
# Hack for flake8
|
||||
install
|
||||
|
||||
|
||||
# CA Bundle Locations
|
||||
CA_BUNDLE_PATHS = [
|
||||
# Debian/Ubuntu/Gentoo etc.
|
||||
"/etc/ssl/certs/ca-certificates.crt",
|
||||
|
||||
# Fedora/RHEL
|
||||
"/etc/pki/tls/certs/ca-bundle.crt",
|
||||
|
||||
# OpenSUSE
|
||||
"/etc/ssl/ca-bundle.pem",
|
||||
|
||||
# OpenBSD
|
||||
"/etc/ssl/cert.pem",
|
||||
|
||||
# FreeBSD/DragonFly
|
||||
"/usr/local/share/certs/ca-root-nss.crt",
|
||||
|
||||
# Homebrew on OSX
|
||||
"/usr/local/etc/openssl/cert.pem",
|
||||
]
|
||||
|
||||
# Attempt to locate a CA Bundle that we can pass into requests, we have a list
|
||||
# of possible ones from various systems. If we cannot find one then we'll set
|
||||
# this to None so that we default to whatever requests is setup to handle.
|
||||
#
|
||||
# Note to Downstream: If you wish to disable this autodetection and simply use
|
||||
# whatever requests does (likely you've already patched
|
||||
# requests.certs.where()) then simply edit this line so
|
||||
# that it reads ``CA_BUNDLE_PATH = None``.
|
||||
CA_BUNDLE_PATH = next((x for x in CA_BUNDLE_PATHS if os.path.exists(x)), None)
|
||||
|
||||
|
||||
# Application Directories
|
||||
USER_CACHE_DIR = appdirs.user_cache_dir("pip")
|
||||
|
||||
|
|
Loading…
Reference in New Issue