Open jbevi opened 2 weeks ago
Hi! Do you mind reading these to see if they address your questions?
I tried adding to pyproject.toml:
[tool.uv] allow-insecure-host = ["nexus.cloudint.com"]
but it seems to have no effect and the handshake error continues.
Can you run a command with --show-settings
, and see if the setting is being picked up properly?
uv add uvicorn --show-settings
GlobalSettings {
quiet: false,
verbose: 0,
color: Auto,
native_tls: false,
concurrency: Concurrency {
downloads: 50,
builds: 8,
installs: 8,
},
connectivity: Online,
show_settings: true,
preview: Disabled,
python_preference: Managed,
python_downloads: Automatic,
no_progress: false,
}
CacheSettings {
no_cache: false,
cache_dir: None,
}
AddSettings {
locked: false,
frozen: false,
no_sync: false,
packages: [
"uvicorn",
],
requirements: [],
dependency_type: Production,
editable: None,
extras: [],
raw_sources: false,
rev: None,
tag: None,
branch: None,
package: None,
script: None,
python: None,
refresh: None(
Timestamp(
SystemTime {
tv_sec: 1724954621,
tv_nsec: 41840693,
},
),
),
settings: ResolverInstallerSettings {
index_locations: IndexLocations {
index: None,
extra_index: [
Url(
VerbatimUrl {
url: Url {
scheme: "https",
cannot_be_a_base: false,
username: "",
password: None,
host: Some(
Domain(
"nexus.cloudint.com",
),
),
port: None,
path: "/nexus/repository/pypi-proxy/simple",
query: None,
fragment: None,
},
given: Some(
"https://nexus.cloudint.com/nexus/repository/pypi-proxy/simple",
),
},
),
Url(
VerbatimUrl {
url: Url {
scheme: "https",
cannot_be_a_base: false,
username: "",
password: None,
host: Some(
Domain(
"nexus.cloudint.com",
),
),
port: None,
path: "/nexus/repository/infraestructura-pypi/simple/",
query: None,
fragment: None,
},
given: Some(
"https://nexus.cloudint.com/nexus/repository/infraestructura-pypi/simple/",
),
},
),
],
flat_index: [],
no_index: false,
},
index_strategy: FirstIndex,
keyring_provider: Disabled,
allow_insecure_host: [
TrustedHost {
scheme: Some(
"https",
),
host: "nexus.cloudint.com",
port: None,
},
],
resolution: Highest,
prerelease: IfNecessaryOrExplicit,
config_setting: ConfigSettings(
{},
),
no_build_isolation: false,
no_build_isolation_package: [],
exclude_newer: None,
link_mode: Hardlink,
compile_bytecode: false,
sources: Enabled,
upgrade: None,
reinstall: None,
build_options: BuildOptions {
no_binary: None,
no_build: None,
},
},
}
Interesting, that all looks correct.
I suspect that your server is misconfigured in some other way... When the certificate is invalid, you tend to get invalid peer certificate
?
Do you know what software is being used to run the PyPI proxy? I tried to connect to nexus.cloudint.com
but I suppose that it is internal only. A packet capture might help a little but we'd probably need to setup SSLKEYLOGFILE
support which I guess uv
might not support out of the box.
This is unlikely to be related to the server certificate. Instead, the server does not have any overlap with the client's TLS settings, so it sends a TLS alert saying a handshake is impossible. That is the "received fatal alert: HandshakeFailure" output; the client doesn't get any more information than this.
Suggest running a local tool like sslscan
against the host to see what TLS versions and cipher suites it does support.
Thanks for the quick responses. I don't have the option to run sslscan on the server. My main doubt is why this error occurs with UV, but not with pipenv, pip, or even curl.
No, you'd run sslscan
on the client, against the server.
I'm not allowed to do that. But I can run curl using the index url:
curl https://nexus.cloudint.com/nexus/repository/pypi-proxy/simple/uvicorn/ -v
I write the log extracts:
...
Connected to nexus.cloudint.com port 443 (#0)
...
SSL connection using TLSv1.2
...
HTTP/1.1 200 OK
...
<html lang="en">
<head><title>Links for uvicor</title>
<meta name="api-version" value="2"/>
</head>
<body><h1>Links for uvicor</h1>
<a href="../../packages/uvicorn/0.0.1/uvicorn-0.0.1.tar.gz#sha256=a88750101a094e293ed543f750e78be9fa00594966d32a7805b9d93fa0f9cdd5" rel="internal">uvicorn-0.0.1.tar.gz</a><br/>
....
uv platform: ubuntu 20 uv version: 0.4.0
Hello, I tell you my case. I currently work with pipenv as a manager of virtual environments in projects.
In my company there is a pypi proxy and other indexes that the different areas use to upload their libraries.
With pipenv I can configure the indexes where to search for the project's libraries and disable ssl validation, as follows.
When installing the libraries of a project by doing: pipenv install
It is capable of installing them by searching the configured indexes.
Is there something similar in uv, for example configuring pyproject.toml ? I have tried adding:
When doing uv add uvicorn for example, it tries to search for the library in the extra-index-url, but not in index-url, which is where it is located, and it gives an ssl validation error. Log extract:
retrying: error sending request for url (https://nexus.cloudint.com/nexus/repository/infraestructura-pypi/simple/uvicorn/) Caused by: client error (Connect) Caused by: received fatal alert: HandshakeFailure error: Request failed after 3 retries Caused by: error sending request for url (https://nexus.cloudint.com/nexus/repository/infraestructura-pypi/simple/uvicorn/) Caused by: client error (Connect) Caused by: received fatal alert: HandshakeFailure
Thanks in advance.