clear up connection compatibility logic

2023-12-13 21:30:23 +01:00 · 2013-02-15 20:03:13 -08:00 · 2013-02-15 20:03:13 -08:00 · 809a9962c1
parent d0c3138fbf
commit 809a9962c1
2 changed files with 22 additions and 13 deletions
--- a/pip/backwardcompat/socket_create_connection.py
+++ b/pip/backwardcompat/socket_create_connection.py
@ -1,11 +1,11 @@
 """
-patches for py25 socket to work with http://pypi.python.org/pypi/ssl/
-inspired from https://gist.github.com/zed/1347055
+patch for py25 socket to work with http://pypi.python.org/pypi/ssl/
+copy-paste from py2.6 stdlib socket.py
+https://gist.github.com/zed/1347055
 """
 import socket

 _GLOBAL_DEFAULT_TIMEOUT = getattr(socket, '_GLOBAL_DEFAULT_TIMEOUT', object())
-# copy-paste from stdlib's socket.py (py2.6)
 def create_connection(address, timeout=_GLOBAL_DEFAULT_TIMEOUT,
                      source_address=None):
    """Connect to *address* and return the socket object.
--- a/pip/download.py
+++ b/pip/download.py
@ -70,36 +70,45 @@ _scheme_re = re.compile(r'^(http|https|file):', re.I)
 _url_slash_drive_re = re.compile(r'/*([a-z])\|', re.I)

 class VerifiedHTTPSConnection(httplib.HTTPSConnection):
+    """
+    A connection that wraps connections with ssl certificate verification.
+    """
    def connect(self):
-        cert_path = os.environ.get('PIP_CERT_PATH', '') or default_cert_path
-        # overrides the version in httplib so that we do
-        #    certificate verification

-        args = [(self.host, self.port)]
+        self.connection_kwargs = {}
+
+        #TODO: refactor compatibility logic into backwardcompat?
+
+        # for > py2.5
        if hasattr(self, 'timeout'):
-            args.append(self.timeout)
+            self.connection_kwargs.update(timeout = self.timeout)
+
+        # for >= py2.7
        if hasattr(self, 'source_address'):
-            args.append(self.source_address)
+            self.connection_kwargs.update(source_address = self.source_address)

-        sock = socket.create_connection(*args)
+        sock = socket.create_connection((self.host, self.port), **self.connection_kwargs)

+        # for >= py2.7
        if getattr(self, '_tunnel_host', None):
            self.sock = sock
            self._tunnel()

-        # wrap the socket using verification with the root
-        #    certs in trusted_root_certs
+        # get alternate bundle or use our included bundle
+        cert_path = os.environ.get('PIP_CERT_PATH', '') or default_cert_path
+
        self.sock = ssl.wrap_socket(sock,
                                self.key_file,
                                self.cert_file,
                                cert_reqs=ssl.CERT_REQUIRED,
                                ca_certs=cert_path)
+
        match_hostname(self.sock.getpeercert(), self.host)


 class VerifiedHTTPSHandler(urllib2.HTTPSHandler):
    """
-    A HTTPSHandler that wraps connections with ssl certificate verification.
+    A HTTPSHandler that uses our own VerifiedHTTPSConnection.
    """
    def __init__(self, connection_class = VerifiedHTTPSConnection):
        self.specialized_conn_class = connection_class