As a result of the issue seen in #637, we are settling on the idea to use pip-system-certs to address this issue, since it essentially does what we would do manually (i.e. look in system pre-defined paths for private CA certificates) but does it automatically by leveraging the system-wide OpenSSL configuration via the python ssl module.
We should decide how we want to do this:
Include as a dependency of this package
Include as a dependency of this package in the OIDC extra (since this is when it's actually required, see #637), and recommend its use in documentation in other situations
Only recommend its use and don't install by default at all
The reason for not just including as a dependency in all situations is that it is very side-effect-y, in that it patches all instances of pip and requests at runtime. If a user isn't expecting this then it could be confusing.
Maybe we add it as an additional extra?
@ansys/matbu-project-maintainers Comments welcome on which way to go with this.
As a result of the issue seen in #637, we are settling on the idea to use
pip-system-certsto address this issue, since it essentially does what we would do manually (i.e. look in system pre-defined paths for private CA certificates) but does it automatically by leveraging the system-wide OpenSSL configuration via the python ssl module.We should decide how we want to do this:
The reason for not just including as a dependency in all situations is that it is very side-effect-y, in that it patches all instances of
pipandrequestsat runtime. If a user isn't expecting this then it could be confusing.Maybe we add it as an additional extra?
@ansys/matbu-project-maintainers Comments welcome on which way to go with this.