Merge pull request #12929 from sethmlarson/truststore-0.9.2

Upgrade truststore to 0.9.2
pypa · Oct 13, 2024 · 1db60b2 · 1db60b2
2 parents b0ebea9 + 9ab7586
commit 1db60b2
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 2 deletions.
diff --git a/news/truststore.vendor.rst b/news/truststore.vendor.rst
@@ -0,0 +1 @@
+Upgrade truststore to 0.9.2
diff --git a/src/pip/_vendor/truststore/__init__.py b/src/pip/_vendor/truststore/__init__.py
@@ -5,9 +5,32 @@
 if _sys.version_info < (3, 10):
     raise ImportError("truststore requires Python 3.10 or later")
 
+# Detect Python runtimes which don't implement SSLObject.get_unverified_chain() API
+# This API only became public in Python 3.13 but was available in CPython and PyPy since 3.10.
+if _sys.version_info < (3, 13):
+    try:
+        import ssl as _ssl
+    except ImportError:
+        raise ImportError("truststore requires the 'ssl' module")
+    else:
+        _sslmem = _ssl.MemoryBIO()
+        _sslobj = _ssl.create_default_context().wrap_bio(
+            _sslmem,
+            _sslmem,
+        )
+        try:
+            while not hasattr(_sslobj, "get_unverified_chain"):
+                _sslobj = _sslobj._sslobj  # type: ignore[attr-defined]
+        except AttributeError:
+            raise ImportError(
+                "truststore requires peer certificate chain APIs to be available"
+            ) from None
+
+        del _ssl, _sslobj, _sslmem  # noqa: F821
+
 from ._api import SSLContext, extract_from_ssl, inject_into_ssl  # noqa: E402
 
 del _api, _sys  # type: ignore[name-defined] # noqa: F821
 
 __all__ = ["SSLContext", "inject_into_ssl", "extract_from_ssl"]
-__version__ = "0.9.1"
+__version__ = "0.9.2"
diff --git a/src/pip/_vendor/vendor.txt b/src/pip/_vendor/vendor.txt
@@ -15,4 +15,4 @@ rich==13.7.1
 resolvelib==1.0.1
 setuptools==70.3.0
 tomli==2.0.1
-truststore==0.9.1
+truststore==0.9.2