mirror of
https://github.com/kennethreitz/pipenv.git
synced 2026-06-05 22:50:18 +00:00
Milo Minderbinder
167909839a
Previously, due to a probable typo in the code for importing a requirements file to create a new pipenv project, SSL/TLS validation was disabled by default for any package index servers specified in the requirements file with the `--index-url` or `--extra-index-url` options. In addition, `--trusted-host` options in the requirements file would not work as intended, because any host or host:port pair provided with these options was incorrectly being matched against the full URLs of the configured index server(s) (i.e. including the scheme, path, etc.), instead of extracting and comparing with the host and port parts only, as intended. This PR fixes both of these issues, flipping the existing behavior to require SSL/TLS validation by default, and optionally allowing TLS validation to be disabled explicitly for specific host:port with the `--trusted-host` option if provided.