Issue #19744: Handle missing SSL/TLS in ensurepip

- now also allows POSIX installation with SSL/TLS missing
- a goal for pip 1.6 is to allow local use without SSL/TLS

Lib/ensurepip/__init__.py

@@ -144,6 +144,11 @@ def _uninstall_helper(*, verbosity=0):
 
 
 def _main(argv=None):
+    if ssl is None:
+        print("Ignoring ensurepip failure: {}".format(_MISSING_SSL_MESSAGE),
+              file=sys.stderr)
+        return
+
     import argparse
     parser = argparse.ArgumentParser(prog="python -m ensurepip")
     parser.add_argument(

Lib/test/test_ensurepip.py

@@ -281,12 +281,20 @@ class TestMissingSSL(EnsurepipMixin, unittest.TestCase):
         self.run_pip.assert_not_called()
         self.assertIn("PIP_THIS_SHOULD_STAY", self.os_environ)
 
+    def test_main_exits_early_with_warning(self):
+        with test.support.captured_stderr() as stderr:
+            ensurepip_no_ssl._main(["--version"])
+        warning = stderr.getvalue().strip()
+        self.assertTrue(warning.endswith("requires SSL/TLS"), warning)
+        self.run_pip.assert_not_called()
+
 # Basic testing of the main functions and their argument parsing
 
 EXPECTED_VERSION_OUTPUT = "pip " + ensurepip._PIP_VERSION
 
 class TestBootstrappingMainFunction(EnsurepipMixin, unittest.TestCase):
 
+    @requires_usable_pip
     def test_bootstrap_version(self):
         with test.support.captured_stdout() as stdout:
             with self.assertRaises(SystemExit):

Misc/NEWS

@@ -20,6 +20,10 @@ Core and Builtins
 Library
 -------
 
+- Issue #19744: the ensurepip installation step now just prints a warning to
+  stderr rather than failing outright if SSL/TLS is unavailable. This allows
+  local installation of POSIX builds without SSL/TLS support.
+
 - Issue #20594: Avoid name clash with the libc function posix_close.