1 files changed, 59 insertions, 1 deletions

diff --git a/sphinx/util/requests.py b/sphinx/util/requests.py
index 36ac1e0e7..e2ac94e80 100644
--- a/sphinx/util/requests.py
+++ b/sphinx/util/requests.py
@@ -14,7 +14,10 @@ from __future__ import absolute_import
 import requests
 import warnings
 import pkg_resources
-from requests.packages.urllib3.exceptions import SSLError
+
+from six import string_types
+from six.moves.urllib.parse import urlsplit
+from requests.packages.urllib3.exceptions import SSLError, InsecureRequestWarning
 
 # try to load requests[security]
 try:
@@ -45,6 +48,7 @@ useragent_header = [('User-Agent',
 
 
 def is_ssl_error(exc):
+    """Check an exception is SSLError."""
     if isinstance(exc, SSLError):
         return True
     else:
@@ -53,3 +57,57 @@ def is_ssl_error(exc):
             return True
         else:
             return False
+
+
+def _get_tls_cacert(url, config):
+    """Get addiotinal CA cert for a specific URL.
+
+    This also returns ``False`` if verification is disabled.
+    And returns ``True`` if additional CA cert not found.
+    """
+    if not config.tls_verify:
+        return False
+
+    certs = getattr(config, 'tls_cacerts', None)
+    if not certs:
+        return True
+    elif isinstance(certs, (string_types, tuple)):
+        return certs
+    else:
+        hostname = urlsplit(url)[1]
+        if '@' in hostname:
+            hostname = hostname.split('@')[1]
+
+        return certs.get(hostname, True)
+
+
+def get(url, **kwargs):
+    """Sends a GET request like requests.get().
+
+    This sets up User-Agent header and TLS verification automatically."""
+    kwargs.setdefault('headers', dict(useragent_header))
+    config = kwargs.pop('config', None)
+    if config:
+        kwargs.setdefault('verify', _get_tls_cacert(url, config))
+
+    with warnings.catch_warnings():
+        if not kwargs.get('verify'):
+            # ignore InsecureRequestWarning if verify=False
+            warnings.filterwarnings("ignore", category=InsecureRequestWarning)
+        return requests.get(url, **kwargs)
+
+
+def head(url, **kwargs):
+    """Sends a HEAD request like requests.head().
+
+    This sets up User-Agent header and TLS verification automatically."""
+    kwargs.setdefault('headers', dict(useragent_header))
+    config = kwargs.pop('config', None)
+    if config:
+        kwargs.setdefault('verify', _get_tls_cacert(url, config))
+
+    with warnings.catch_warnings():
+        if not kwargs.get('verify'):
+            # ignore InsecureRequestWarning if verify=False
+            warnings.filterwarnings("ignore", category=InsecureRequestWarning)
+        return requests.get(url, **kwargs)