pypa · ichard26 · Apr 21, 2025
diff --git a/news/13343.bugfix.rst b/news/13343.bugfix.rst
@@ -0,0 +1 @@
+Ensure truststore feature remains active even when a proxy is also in use.
diff --git a/src/pip/_internal/network/session.py b/src/pip/_internal/network/session.py
@@ -54,6 +54,7 @@
     from ssl import SSLContext
 
     from pip._vendor.urllib3.poolmanager import PoolManager
+    from pip._vendor.urllib3.proxymanager import ProxyManager
 
 
 logger = logging.getLogger(__name__)
@@ -286,6 +287,13 @@ def init_poolmanager(
             **pool_kwargs,
         )
 
+    def proxy_manager_for(self, proxy: str, **proxy_kwargs: Any) -> "ProxyManager":
+        # Proxy manager replaces the pool manager, so inject our SSL
+        # context here too. https://github.com/pypa/pip/issues/13288
+        if self._ssl_context is not None:
+            proxy_kwargs.setdefault("ssl_context", self._ssl_context)
+        return super().proxy_manager_for(proxy, **proxy_kwargs)  # type: ignore[misc]
+
 
 class HTTPAdapter(_SSLContextAdapterMixin, _BaseHTTPAdapter):
     pass
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		Ensure truststore feature remains active even when a proxy is also in use.