Split up Secure vs Insecure for the requests HTTPAdapters

pypa · Dec 20, 2014 · 5bab65d · 5bab65d
1 parent f0106a2
commit 5bab65d
Showing 1 changed file with 21 additions and 4 deletions.
diff --git a/pip/download.py b/pip/download.py
@@ -253,6 +253,13 @@ def delete(self, *args, **kwargs):
             pass
 
 
+class InsecureHTTPAdapter(HTTPAdapter):
+
+    def cert_verify(self, conn, url, verify, cert):
+        conn.cert_reqs = 'CERT_NONE'
+        conn.ca_certs = None
+
+
 class PipSession(requests.Session):
 
     timeout = None
@@ -287,16 +294,26 @@ def __init__(self, *args, **kwargs):
             backoff_factor=0.25,
         )
 
+        # We want to _only_ cache responses on securely fetched origins. We do
+        # this because we can't validate the response of an insecurely fetched
+        # origin, and we don't want someone to be able to poison the cache and
+        # require manual evication from the cache to fix it.
         if cache:
-            http_adapter = CacheControlAdapter(
+            secure_adapter = CacheControlAdapter(
                 cache=SafeFileCache(cache),
                 max_retries=retries,
             )
         else:
-            http_adapter = HTTPAdapter(max_retries=retries)
+            secure_adapter = HTTPAdapter(max_retries=retries)
+
+        # Our Insecure HTTPAdapter disables HTTPS validation. It does not
+        # support caching (see above) so we'll use it for all http:// URLs as
+        # well as any https:// host that we've marked as ignoring TLS errors
+        # for.
+        insecure_adapter = InsecureHTTPAdapter(max_retries=retries)
 
-        self.mount("http://", http_adapter)
-        self.mount("https://", http_adapter)
+        self.mount("http://", secure_adapter)
+        self.mount("https://", insecure_adapter)
 
         # Enable file:// urls
         self.mount("file://", LocalFSAdapter())