Closed bindreams closed 6 months ago
Thanks for opening this. Our implementation of loading certificates on Linux/OpenSSL is fairly straightforward, we look in the OpenSSL-configured default location first and then investigate a few standard locations where certificates tend to be (based on Christian Heimes' list).
If you could look at our implementation and then see where things are going wrong on your machine that would help greatly in case others are experiencing this issue as well. Unfortunately because your issue likely is being caused by your specific environment/configuration it's unlikely we'll be able to help you more than this. I hope this is enough to figure out the root cause and report back?
@andreasxp Could you provide the path that ca-certificates
certificate bundle is installed at in addition to the output of the following Python script:
import ssl
print(ssl.get_default_verify_paths())
Without this information it's not possible to debug your issue. Thank you!
Hi again, it seems I can no longer reproduce the issue. Time heals all wounds I guess 🤷
When installing a package from a zip file, like this:
I received the following error:
I'm not sure if installing via a zip file specifically is the issue, because AFAIK our pypi certificates are not being substituted by corporate. I can confirm that
curl https://github.com
works without any cert problems. Also, using thepip-system-certs
package instead of the truststore option worked in this case.From my limited understanding, it seems that in our corporate environment github returns a certificate signed by our corporate root CA with no intermediates. This root CA was manually installed using
ca-certificates
package on ubuntu 22.04.