Add support for --trusted-host (#6591)

## Summary

This PR revives #4944, which I think
was a good start towards adding `--trusted-host`. Last night, I tried to
add `--trusted-host` with a custom verifier, but we had to vendor a lot
of `reqwest` code and I eventually hit some private APIs. I'm not
confident that I can implement it correctly with that mechanism, and
since this is security, correctness is the priority.

So, instead, we now use two clients and multiplex between them.

Closes #1339.

## Test Plan

Created self-signed certificate, and ran `python3 -m http.server --bind
127.0.0.1 4443 --directory . --certfile cert.pem --keyfile key.pem` from
the packse index directory.

Verified that `cargo run pip install
transitive-yanked-and-unyanked-dependency-a-0abad3b6 --index-url
https://127.0.0.1:8443/simple-html` failed with:

```
error: Request failed after 3 retries
  Caused by: error sending request for url (https://127.0.0.1:8443/simple-html/transitive-yanked-and-unyanked-dependency-a-0abad3b6/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: Other(OtherError(CaUsedAsEndEntity))
```

Verified that `cargo run pip install
transitive-yanked-and-unyanked-dependency-a-0abad3b6 --index-url
'https://127.0.0.1:8443/simple-html' --trusted-host '127.0.0.1:8443'`
failed with the expected error (invalid resolution) and made valid
requests.

Verified that `cargo run pip install
transitive-yanked-and-unyanked-dependency-a-0abad3b6 --index-url
'https://127.0.0.1:8443/simple-html' --trusted-host '127.0.0.2' -n` also
failed.

crates/uv-cli/src/compat.rs

@@ -39,9 +39,6 @@ pub struct PipCompileCompatArgs {
     #[clap(long, hide = true)]
     client_cert: Option<String>,
 
-    #[clap(long, hide = true)]
-    trusted_host: Option<String>,
-
     #[clap(long, hide = true)]
     emit_trusted_host: bool,
 
@@ -118,15 +115,9 @@ impl CompatArgs for PipCompileCompatArgs {
             ));
         }
 
-        if self.trusted_host.is_some() {
-            return Err(anyhow!(
-                "pip-compile's `--trusted-host` is unsupported (uv always requires HTTPS)"
-            ));
-        }
-
         if self.emit_trusted_host {
             return Err(anyhow!(
-                "pip-compile's `--emit-trusted-host` is unsupported (uv always requires HTTPS)"
+                "pip-compile's `--emit-trusted-host` is unsupported"
             ));
         }
 
@@ -209,9 +200,6 @@ pub struct PipSyncCompatArgs {
     #[clap(short, long, hide = true)]
     ask: bool,
 
-    #[clap(long, hide = true)]
-    trusted_host: Option<String>,
-
     #[clap(long, hide = true)]
     python_executable: Option<String>,
 
@@ -265,12 +253,6 @@ impl CompatArgs for PipSyncCompatArgs {
             ));
         }
 
-        if self.trusted_host.is_some() {
-            return Err(anyhow!(
-                "pip-sync's `--trusted-host` is unsupported (uv always requires HTTPS)"
-            ));
-        }
-
         if self.config.is_some() {
             return Err(anyhow!(
                 "pip-sync's `--config` is unsupported (uv does not use a configuration file)"

crates/uv-cli/src/lib.rs

@@ -6,13 +6,13 @@ use std::str::FromStr;
 use anyhow::{anyhow, Result};
 use clap::builder::styling::Style;
 use clap::{Args, Parser, Subcommand};
-
 use distribution_types::{FlatIndexLocation, IndexUrl};
 use pep508_rs::Requirement;
 use pypi_types::VerbatimParsedUrl;
 use uv_cache::CacheArgs;
 use uv_configuration::{
     ConfigSettingEntry, IndexStrategy, KeyringProviderType, PackageNameSpecifier, TargetTriple,
+    TrustedHost,
 };
 use uv_normalize::{ExtraName, PackageName};
 use uv_python::{PythonDownloads, PythonPreference, PythonVersion};
@@ -678,6 +678,18 @@ fn parse_index_url(input: &str) -> Result<Maybe<IndexUrl>, String> {
     }
 }
 
+/// Parse a string into an [`Url`], mapping the empty string to `None`.
+fn parse_insecure_host(input: &str) -> Result<Maybe<TrustedHost>, String> {
+    if input.is_empty() {
+        Ok(Maybe::None)
+    } else {
+        match TrustedHost::from_str(input) {
+            Ok(host) => Ok(Maybe::Some(host)),
+            Err(err) => Err(err.to_string()),
+        }
+    }
+}
+
 /// Parse a string into a [`PathBuf`]. The string can represent a file, either as a path or a
 /// `file://` URL.
 fn parse_file_path(input: &str) -> Result<PathBuf, String> {
@@ -1559,6 +1571,25 @@ pub struct PipUninstallArgs {
     #[arg(long, value_enum, env = "UV_KEYRING_PROVIDER")]
     pub keyring_provider: Option<KeyringProviderType>,
 
+    /// Allow insecure connections to a host.
+    ///
+    /// Can be provided multiple times.
+    ///
+    /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
+    /// `localhost:8080`), or a URL (e.g., `https://localhost`).
+    ///
+    /// WARNING: Hosts included in this list will not be verified against the system's certificate
+    /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
+    /// bypasses SSL verification and could expose you to MITM attacks.
+    #[arg(
+        long,
+        alias = "trusted-host",
+        env = "UV_INSECURE_HOST",
+        value_delimiter = ' ',
+        value_parser = parse_insecure_host,
+    )]
+    pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,
+
     /// Use the system Python to uninstall packages.
     ///
     /// By default, uv uninstalls from the virtual environment in the current working directory or
@@ -1985,6 +2016,25 @@ pub struct VenvArgs {
     #[arg(long, value_enum, env = "UV_KEYRING_PROVIDER")]
     pub keyring_provider: Option<KeyringProviderType>,
 
+    /// Allow insecure connections to a host.
+    ///
+    /// Can be provided multiple times.
+    ///
+    /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
+    /// `localhost:8080`), or a URL (e.g., `https://localhost`).
+    ///
+    /// WARNING: Hosts included in this list will not be verified against the system's certificate
+    /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
+    /// bypasses SSL verification and could expose you to MITM attacks.
+    #[arg(
+        long,
+        alias = "trusted-host",
+        env = "UV_INSECURE_HOST",
+        value_delimiter = ' ',
+        value_parser = parse_insecure_host,
+    )]
+    pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,
+
     /// Limit candidate packages to those that were uploaded prior to the given date.
     ///
     /// Accepts both RFC 3339 timestamps (e.g., `2006-12-02T02:07:43Z`) and local dates in the same
@@ -3321,6 +3371,26 @@ pub struct InstallerArgs {
     )]
     pub keyring_provider: Option<KeyringProviderType>,
 
+    /// Allow insecure connections to a host.
+    ///
+    /// Can be provided multiple times.
+    ///
+    /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
+    /// `localhost:8080`), or a URL (e.g., `https://localhost`).
+    ///
+    /// WARNING: Hosts included in this list will not be verified against the system's certificate
+    /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
+    /// bypasses SSL verification and could expose you to MITM attacks.
+    #[arg(
+        long,
+        alias = "trusted-host",
+        env = "UV_INSECURE_HOST",
+        value_delimiter = ' ',
+        value_parser = parse_insecure_host,
+        help_heading = "Index options"
+    )]
+    pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,
+
     /// Settings to pass to the PEP 517 build backend, specified as `KEY=VALUE` pairs.
     #[arg(
         long,
@@ -3463,6 +3533,26 @@ pub struct ResolverArgs {
     )]
     pub keyring_provider: Option<KeyringProviderType>,
 
+    /// Allow insecure connections to a host.
+    ///
+    /// Can be provided multiple times.
+    ///
+    /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
+    /// `localhost:8080`), or a URL (e.g., `https://localhost`).
+    ///
+    /// WARNING: Hosts included in this list will not be verified against the system's certificate
+    /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
+    /// bypasses SSL verification and could expose you to MITM attacks.
+    #[arg(
+        long,
+        alias = "trusted-host",
+        env = "UV_INSECURE_HOST",
+        value_delimiter = ' ',
+        value_parser = parse_insecure_host,
+        help_heading = "Index options"
+    )]
+    pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,
+
     /// The strategy to use when selecting between the different compatible versions for a given
     /// package requirement.
     ///
@@ -3635,6 +3725,26 @@ pub struct ResolverInstallerArgs {
     )]
     pub keyring_provider: Option<KeyringProviderType>,
 
+    /// Allow insecure connections to a host.
+    ///
+    /// Can be provided multiple times.
+    ///
+    /// Expects to receive either a hostname (e.g., `localhost`), a host-port pair (e.g.,
+    /// `localhost:8080`), or a URL (e.g., `https://localhost`).
+    ///
+    /// WARNING: Hosts included in this list will not be verified against the system's certificate
+    /// store. Only use `--allow-insecure-host` in a secure network with verified sources, as it
+    /// bypasses SSL verification and could expose you to MITM attacks.
+    #[arg(
+        long,
+        alias = "trusted-host",
+        env = "UV_INSECURE_HOST",
+        value_delimiter = ' ',
+        value_parser = parse_insecure_host,
+        help_heading = "Index options"
+    )]
+    pub allow_insecure_host: Option<Vec<Maybe<TrustedHost>>>,
+
     /// The strategy to use when selecting between the different compatible versions for a given
     /// package requirement.
     ///

crates/uv-cli/src/options.rs

@@ -38,6 +38,7 @@ impl From<ResolverArgs> for PipOptions {
             upgrade_package,
             index_strategy,
             keyring_provider,
+            allow_insecure_host,
             resolution,
             prerelease,
             pre,
@@ -55,6 +56,12 @@ impl From<ResolverArgs> for PipOptions {
             upgrade_package: Some(upgrade_package),
             index_strategy,
             keyring_provider,
+            allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| {
+                allow_insecure_host
+                    .into_iter()
+                    .filter_map(Maybe::into_option)
+                    .collect()
+            }),
             resolution,
             prerelease: if pre {
                 Some(PrereleaseMode::Allow)
@@ -82,6 +89,7 @@ impl From<InstallerArgs> for PipOptions {
             reinstall_package,
             index_strategy,
             keyring_provider,
+            allow_insecure_host,
             config_setting,
             no_build_isolation,
             build_isolation,
@@ -97,6 +105,12 @@ impl From<InstallerArgs> for PipOptions {
             reinstall_package: Some(reinstall_package),
             index_strategy,
             keyring_provider,
+            allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| {
+                allow_insecure_host
+                    .into_iter()
+                    .filter_map(Maybe::into_option)
+                    .collect()
+            }),
             config_settings: config_setting
                 .map(|config_settings| config_settings.into_iter().collect::<ConfigSettings>()),
             no_build_isolation: flag(no_build_isolation, build_isolation),
@@ -121,6 +135,7 @@ impl From<ResolverInstallerArgs> for PipOptions {
             reinstall_package,
             index_strategy,
             keyring_provider,
+            allow_insecure_host,
             resolution,
             prerelease,
             pre,
@@ -142,6 +157,12 @@ impl From<ResolverInstallerArgs> for PipOptions {
             reinstall_package: Some(reinstall_package),
             index_strategy,
             keyring_provider,
+            allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| {
+                allow_insecure_host
+                    .into_iter()
+                    .filter_map(Maybe::into_option)
+                    .collect()
+            }),
             resolution,
             prerelease: if pre {
                 Some(PrereleaseMode::Allow)
@@ -194,6 +215,7 @@ pub fn resolver_options(resolver_args: ResolverArgs, build_args: BuildArgs) -> R
         upgrade_package,
         index_strategy,
         keyring_provider,
+        allow_insecure_host,
         resolution,
         prerelease,
         pre,
@@ -233,6 +255,12 @@ pub fn resolver_options(resolver_args: ResolverArgs, build_args: BuildArgs) -> R
         upgrade_package: Some(upgrade_package),
         index_strategy,
         keyring_provider,
+        allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| {
+            allow_insecure_host
+                .into_iter()
+                .filter_map(Maybe::into_option)
+                .collect()
+        }),
         resolution,
         prerelease: if pre {
             Some(PrereleaseMode::Allow)
@@ -268,6 +296,7 @@ pub fn resolver_installer_options(
         reinstall_package,
         index_strategy,
         keyring_provider,
+        allow_insecure_host,
         resolution,
         prerelease,
         pre,
@@ -319,6 +348,12 @@ pub fn resolver_installer_options(
         },
         index_strategy,
         keyring_provider,
+        allow_insecure_host: allow_insecure_host.map(|allow_insecure_host| {
+            allow_insecure_host
+                .into_iter()
+                .filter_map(Maybe::into_option)
+                .collect()
+        }),
         resolution,
         prerelease: if pre {
             Some(PrereleaseMode::Allow)