pypa · amp343 · Jul 8, 2017
diff --git a/news/4098.bugfix b/news/4098.bugfix
@@ -0,0 +1 @@
+Limit the disabling of requests' pyopenssl to Windows only. Fixes "SNIMissingWarning / InsecurePlatformWarning not fixable with pip 9.0 / 9.0.1" (for non-Windows)
diff --git a/pip/_vendor/README.rst b/pip/_vendor/README.rst
@@ -97,7 +97,7 @@ Modifications
 * ``pkg_resources`` has been modified to import its dependencies from ``pip._vendor``
 * ``CacheControl`` has been modified to import its dependencies from ``pip._vendor``
 * ``packaging`` has been modified to import its dependencies from ``pip._vendor``
-* ``requests`` has been modified *not* to optionally load any C dependencies
+* ``requests`` has been modified to *not* load C dependencies: ``simplejson`` (all platforms) and ``pyopenssl`` (Windows)
 * Modified distro to delay importing ``argparse`` to avoid errors on 2.6
 
 

diff --git a/pip/_vendor/requests/__init__.py b/pip/_vendor/requests/__init__.py
@@ -47,14 +47,19 @@
 __license__ = 'Apache 2.0'
 __copyright__ = 'Copyright 2016 Kenneth Reitz'
 
+
+from pip.compat import WINDOWS
+
+
 # Attempt to enable urllib3's SNI support, if possible
-# Note: Patched by pip to prevent using the PyOpenSSL module. On Windows this
-#       prevents upgrading cryptography.
-# try:
-#     from .packages.urllib3.contrib import pyopenssl
-#     pyopenssl.inject_into_urllib3()
-# except ImportError:
-#     pass
+# Note: Patched by pip to prevent using the PyOpenSSL module when OS is Windows.
+#       Otherwise on Windows this would prevent upgrading cryptography.
+if not WINDOWS:
+    try:
+        from .packages.urllib3.contrib import pyopenssl
+        pyopenssl.inject_into_urllib3()
+    except ImportError:
+        pass
 
 import warnings
 

diff --git a/tasks/vendoring/patches/requests.patch b/tasks/vendoring/patches/requests.patch
@@ -1,24 +1,30 @@
 diff --git a/pip/_vendor/requests/__init__.py b/pip/_vendor/requests/__init__.py
-index 9c3b769..44f6836 100644
+index 9c3b769..36a4ef40 100644
 --- a/pip/_vendor/requests/__init__.py
 +++ b/pip/_vendor/requests/__init__.py
-@@ -48,11 +48,13 @@ __license__ = 'Apache 2.0'
+@@ -47,12 +47,19 @@ __author__ = 'Kenneth Reitz'
+ __license__ = 'Apache 2.0'
  __copyright__ = 'Copyright 2016 Kenneth Reitz'
-
+
++
++from pip.compat import WINDOWS
++
++
  # Attempt to enable urllib3's SNI support, if possible
 -try:
 -    from .packages.urllib3.contrib import pyopenssl
 -    pyopenssl.inject_into_urllib3()
 -except ImportError:
 -    pass
-+# Note: Patched by pip to prevent using the PyOpenSSL module. On Windows this
-+#       prevents upgrading cryptography.
-+# try:
-+#     from .packages.urllib3.contrib import pyopenssl
-+#     pyopenssl.inject_into_urllib3()
-+# except ImportError:
-+#     pass
-
++# Note: Patched by pip to prevent using the PyOpenSSL module when OS is Windows.
++#       Otherwise on Windows this would prevent upgrading cryptography.
++if not WINDOWS:
++    try:
++        from .packages.urllib3.contrib import pyopenssl
++        pyopenssl.inject_into_urllib3()
++    except ImportError:
++        pass
+
  import warnings
 
 diff --git a/pip/_vendor/requests/compat.py b/pip/_vendor/requests/compat.py
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Limit the disabling of requests' pyopenssl to Windows only. Fixes "SNIMissingWarning / InsecurePlatformWarning not fixable with pip 9.0 / 9.0.1" (for non-Windows)