[Distutils] SNI support in pip

Nick Coghlan ncoghlan at gmail.com
Tue Dec 2 02:17:49 CET 2014

On 1 December 2014 at 22:58, Donald Stufft <donald at stufft.io> wrote:
> On Dec 1, 2014, at 7:40 AM, Wichert Akkerman <wichert at wiggy.net> wrote:
> I am wondering: with Python 2.7.9 about to be released with a backport of
> Python 3’s ssl module, can pip start supporting SNI without any external
> dependencies? That would be a huge help for people who need to use SNI.
> Regards,
> Wichert.
> _______________________________________________
> Distutils-SIG maillist  -  Distutils-SIG at python.org
> https://mail.python.org/mailman/listinfo/distutils-sig
> Yes, pip just uses requests to validate HTTPS. Requests gates the stdlib SNI
> stuff on whether or not the stdlib has SSLContext and the HAS_SNI variables.
> This should automatically work with 2.7.9.

For the benefit of anyone that isn't already aware, the transport
security work in the packaging ecosystem was actually one of the
factors feeding into the eventual decision to backport the Python 3
transport security improvements to Python 2.7.

ensurepip + the SSL/TLS upgrades + defaulting to verified HTTPS all
ending up in the same Python 2.7 release arose out of the process of
figuring out how to address an inter-connected set of significant
usability issues (which become much harder to ignore once you're
working on secure package distribution infrastructure).


Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia

More information about the Distutils-SIG mailing list