Pip dependencies can break on ill-configured HTTP proxies

[hamelin]

On a mercurial Windows box, I have had to deal with a very annoying HTTP proxy that only was necessary for accessing GitHub.com; attempts at proxying PyPI connections through that proxy failed. I have fumbled with pip.conf, as well as HTTP[S]_PROXY and NO_PROXY environment variables, to no avail: only by changing the git+https PyPI package links to git+ssh package links was I able to complete the creation of the environment.

This ability of using either HTTPS or SSH for packages hosted on GitHub could be automated through some Makefile mods. It would make the "official" environment.yml be generated from a template by the Makefile.

[hamelin]

Solved. In my own case, the organization intercepts and re-authorizes SSL certificates. For that, it must inform any program performing HTTPS of the CA certificates. In the case of Git, this is done by configuring the http.sslCAInfo setting.

git config --global --add http.sslCAInfo "Path to CA certificate file"

Setting, alternatively, http.sslCAPath can also provide a solution, as well as setting http."BASE URL".sslVerify to false for, say, Github.com. This last approach is less secure, however, especially if targetting Github.com.