fetch_from_legacy: Ignore TLS certificates validity

We want this fetcher to still work even when the CA certs and server
certs are expired or otherwise considered insecure for backwards
compatibility reasons.

fetch_from_legacy.py

@@ -42,14 +42,11 @@ package_name = sys.argv[2]
 index_url = url + "/" + package_name
 package_filename = sys.argv[3]
 
-ssl_context = ssl.create_default_context(
-    cafile=os.environ.get("SSL_CERT_FILE"))
-
 print("Reading index %s" % index_url)
 
 response = urllib.request.urlopen(
     index_url,
-    context=ssl_context)
+    context=ssl.CERT_NONE)
 index = response.read()
 
 parser = Pep503()
@@ -69,7 +66,7 @@ print("Downloading %s" % package_url)
 
 response = urllib.request.urlopen(
     package_url,
-    context=ssl_context)
+    context=ssl.CERT_NONE)
 
 with response as r:
     shutil.copyfileobj(r, package_file)

lib.nix

@@ -141,7 +141,6 @@ let
       {
         nativeBuildInputs = [ python ];
         impureEnvVars = lib.fetchers.proxyImpureEnvVars;
-        SSL_CERT_FILE = "${pkgs.cacert.out}/etc/ssl/certs/ca-bundle.crt";
         outputHashMode = "flat";
         outputHashAlgo = "sha256";
         outputHash = hash;