Open millsks opened 2 weeks ago
Yea, this block is problematic:
We'll need to improve the logic there a bit. Thanks for the report.
@millsks, I opened https://github.com/conda/constructor/pull/860. Can you give it a try locally and see if it fixes your issue?
Looks good from my local run with your ssl-verify
branch. I put in print(f"conda_context.ssl_verify: {conda_context.ssl_verify}")
after line 463 on constructor/fcp.py to verify in the output.
$ conda config --set ssl_verify true
$ grep ^ssl_verify ~/.condarc
ssl_verify: true
$ constructor Miniforge3 --dry-run --debug 2>&1|grep ssl_verify
conda_context.ssl_verify: True
^C
$ conda config --set ssl_verify false
$ grep ^ssl_verify ~/.condarc
ssl_verify: false
$ constructor Miniforge3 --dry-run --debug 2>&1|grep ssl_verify
conda_context.ssl_verify: False
^C
$ conda config --set ssl_verify truststore
$ grep ^ssl_verify ~/.condarc
ssl_verify: truststore
$ constructor Miniforge3 --dry-run --debug 2>&1|grep ssl_verify
conda_context.ssl_verify: truststore
^C
This is the version that is installed on my local system using your branch.
$ constructor --version
constructor 2.0.3.dev689+gbb1c92a
$ conda list|grep ^constructor
constructor 2.0.3.dev689+gbb1c92a pypi_0 pypi
Checklist
What happened?
When executing constructor I receive SSL verify errors because of a self-signed certificate chain. This is normally taken care of with specifying the CA cert in ssl_verify or by using
truststore
to let it default to the CA cert stores on the server. No matter what I set the value of ssl_verify the value in the conda_context.ssl_verify referenced in fcp.py is always set to True. The only way I can get it to override is to use the environment variablesCONDA_SSL_VERIFY=False
or the REQUESTS_CA_BUNDLE with the path to a specific CA cert.Is this by design or should the ssl_verify set in condarc be honored?
Additional Context
I am using micromamba 1.5.7-0 on Linux with the latest version of constructor. The issue is happening on a closed system that I do not have the ability to share screenshots.