Closed mrtnbrst closed 8 months ago
I don't like the idea of being able to disable TLS verification within config since disabling TLS should be an active action.
Perhaps we could add a CLI flag like --insecure-skip-tls-verify
? Would you be interested in opening a PR for this?
I'll try to do the required PR for the ensureconda
package and then come back here afterwards.
BR Martin
I didn't manage to get it to work with certificates. It works from the home office which is good enough for now.
Checklist
What happened?
The error shows when conda-lock is used in combination with self-signed certificates. The error originates from the requests library, as described in https://github.com/psf/requests/pull/6074. As of this moment, request does not want to provide a way to globally disable ssl verification anymore. A possible solution would be handling it like Poetry by adding a configuration for disabling the verification (https://github.com/python-poetry/poetry/issues/1556) and pass the verify=False keyword.
The "setting" verify=False would also need to be passed down to the
ensureconda
package it seems.conda-lock -f .\environment.yml
Traceback (most recent call last): File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\urllib3\connectionpool.py", line 711, in urlopen self._prepare_proxy(conn) File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\urllib3\connectionpool.py", line 1007, in _prepare_proxy conn.connect() File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\urllib3\connection.py", line 419, in connect self.sock = ssl_wrapsocket( File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\urllib3\util\ssl.py", line 449, in ssl_wrap_socket ssl_sock = _ssl_wrap_socketimpl( File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\urllib3\util\ssl.py", line 493, in _ssl_wrap_socket_impl return ssl_context.wrap_socket(sock, server_hostname=server_hostname) File "c:\program files (x86)\python\lib\ssl.py", line 500, in wrap_socket return self.sslsocket_class._create( File "c:\program files (x86)\python\lib\ssl.py", line 1040, in _create self.do_handshake() File "c:\program files (x86)\python\lib\ssl.py", line 1309, in do_handshake self._sslobj.do_handshake() ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\requests\adapters.py", line 486, in send resp = conn.urlopen( File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\urllib3\connectionpool.py", line 798, in urlopen retries = retries.increment( File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\urllib3\util\retry.py", line 592, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.anaconda.org', port=443): Max retries exceeded with url: /package/anaconda/conda-standalone/files (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last): File "c:\program files (x86)\python\lib\runpy.py", line 194, in _run_module_as_main return _run_code(code, main_globals, None, File "c:\program files (x86)\python\lib\runpy.py", line 87, in _run_code exec(code, run_globals) File "c:\users\borstm.local\bin\conda-lock.exe__main.py", line 7, in
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\click\core.py", line 1157, in call
return self.main(*args, kwargs)
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\click\core.py", line 1078, in main
rv = self.invoke(ctx)
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\click\core.py", line 1688, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\click\core.py", line 1434, in invoke
return ctx.invoke(self.callback, ctx.params)
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\click\core.py", line 783, in invoke
return callback(*args, *kwargs)
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\click\decorators.py", line 33, in new_func
return f(get_current_context(), args, kwargs)
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\conda_lock\conda_lock.py", line 1380, in lock
lock_func(
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\conda_lock\conda_lock.py", line 1085, in run_lock
_conda_exe = determine_conda_executable(
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\conda_lock\invoke_conda.py", line 56, in determine_conda_executable
for candidate in _determine_conda_executable(conda_executable, mamba, micromamba):
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\conda_lock\invoke_conda.py", line 50, in _determine_conda_executable
yield _ensureconda(mamba=mamba, micromamba=micromamba, conda=True, conda_exe=True)
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\conda_lock\invoke_conda.py", line 30, in _ensureconda
_conda_exe = ensureconda(
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\ensureconda\api.py", line 116, in ensureconda
maybe_exe = install_conda_exe()
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\ensureconda\installer.py", line 57, in install_conda_exe
resp = request_url_with_retry(url)
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\ensureconda\installer.py", line 25, in request_url_with_retry
resp = requests.get(url, allow_redirects=True)
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\requests\api.py", line 73, in get
return request("get", url, params=params, kwargs)
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\requests\api.py", line 59, in request
return session.request(method=method, url=url, kwargs)
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\requests\sessions.py", line 589, in request
resp = self.send(prep, send_kwargs)
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\requests\sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
File "C:\Users\borstm.local\pipx\venvs\conda-lock\lib\site-packages\requests\adapters.py", line 517, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='api.anaconda.org', port=443): Max retries exceeded with url: /package/anaconda/conda-standalone/files (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1123)')))
Conda Info
No response
Conda Config
Conda list
No response
Additional Context
No response