Skip to content

Commit 30807c4

Browse files
ichard26ichard26
authored
Inject SSL context into urllib3 ProxyManager, too (#13343)
When a proxy is involved, requests uses a urllib3 proxy manager instead of the pool manager. We only inject our SSL context into the pool manager, which means the truststore context is lost when a proxy is set. We can modify proxy manager construction by overriding proxy_manager_for on the requests adapters.
1 parent ab073f9 commit 30807c4

File tree

2 files changed

+9
-0
lines changed

2 files changed

+9
-0
lines changed

news/13343.bugfix.rst

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
Ensure truststore feature remains active even when a proxy is also in use.

src/pip/_internal/network/session.py

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,7 @@
5151
from ssl import SSLContext
5252

5353
from pip._vendor.urllib3.poolmanager import PoolManager
54+
from pip._vendor.urllib3.proxymanager import ProxyManager
5455

5556

5657
logger = logging.getLogger(__name__)
@@ -283,6 +284,13 @@ def init_poolmanager(
283284
**pool_kwargs,
284285
)
285286

287+
def proxy_manager_for(self, proxy: str, **proxy_kwargs: Any) -> "ProxyManager":
288+
# Proxy manager replaces the pool manager, so inject our SSL
289+
# context here too. https://github.com/pypa/pip/issues/13288
290+
if self._ssl_context is not None:
291+
proxy_kwargs.setdefault("ssl_context", self._ssl_context)
292+
return super().proxy_manager_for(proxy, **proxy_kwargs) # type: ignore[misc]
293+
286294

287295
class HTTPAdapter(_SSLContextAdapterMixin, _BaseHTTPAdapter):
288296
pass

0 commit comments

Comments
 (0)