Merge pull request #4454 from dstufft/securetransport

Use SecureTransport on macOS
pypa · May 19, 2017 · 9c03780 · 9c03780
2 parents 2ae5f1e + 8467784
commit 9c03780
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/news/4454.bugfix b/news/4454.bugfix
@@ -0,0 +1,2 @@
+Fallback to using SecureTransport on macOS when the linked OpenSSL is too old to
+support TLSv1.2.
diff --git a/pip/__init__.py b/pip/__init__.py
@@ -20,6 +20,25 @@
 from pip._vendor.requests.packages.urllib3.exceptions import DependencyWarning
 warnings.filterwarnings("ignore", category=DependencyWarning)  # noqa
 
+# We want to inject the use of SecureTransport as early as possible so that any
+# references or sessions or what have you are ensured to have it, however we
+# only want to do this in the case that we're running on macOS and the linked
+# OpenSSL is too old to handle TLSv1.2
+try:
+    import ssl
+except ImportError:
+    pass
+else:
+    if (sys.platform == "darwin" and
+            ssl.OPENSSL_VERSION_NUMBER < 0x1000100f):  # OpenSSL 1.0.1
+        try:
+            from pip._vendor.requests.packages.urllib3.contrib import (
+                securetransport,
+            )
+        except (ImportError, OSError):
+            pass
+        else:
+            securetransport.inject_into_urllib3()
 
 from pip.exceptions import CommandError, PipError
 from pip.utils import get_installed_distributions, get_prog