Skip to content

Commit

Permalink
Addresses Issue pypa#5572: Implement PIP_TRUSTED_HOSTS logic...
Browse files Browse the repository at this point in the history 
Duplicated logic around line 204 in core.py to allow users to specify
index via --index command-line option and validate against
PIP_TRUSTED_HOSTS when determining verify_ssl value.
  • Loading branch information
@kalebmckale
kalebmckale committed Feb 18, 2023
1 parent ca436af commit e74f0df
Showing 1 changed file with 14 additions and 1 deletion.
15 changes: 14 additions & 1 deletion pipenv/core.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2366,8 +2366,21 @@ def do_install(
)
# Add the package to the Pipfile.
if index_url:
trusted_hosts = get_trusted_hosts()
host_and_port = get_host_and_port(index_url)
require_valid_https = not any(
(
v in trusted_hosts
for v in (
host_and_port,
host_and_port.partition(":")[
0
], # also check if hostname without port is in trusted_hosts
)
)
)
index_name = project.add_index_to_pipfile(
index_url, verify_ssl=index_url.startswith("https:")
index_url, verify_ssl=require_valid_https
)
pkg_requirement.index = index_name
try:
Expand Down

0 comments on commit e74f0df

Please sign in to comment.