sethmlarson / truststore

Verify certificates using OS trust stores
https://truststore.readthedocs.io
MIT License

pip 24.1 use-feature truststore needs a list of trusted-host #142

Closed toaster-code closed 2 months ago

toaster-code commented 2 months ago

Hi, I was using pip 24.0 with cert truststore. I recently upgraded pip to v24.1 and now I am getting cert errors. If I use pip for something like installing numpy, I get this:

```
pip install numpy --use-feature=truststore --force-reinstall --no-cache-dir
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)'))': /simple/numpy/
WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)'))': /simple/numpy/
WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)'))': /simple/numpy/
WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)'))': /simple/numpy/
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)'))': /simple/numpy/
Could not fetch URL https://pypi.org/simple/numpy/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/numpy/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1000)'))) - skipping
```

I have a self-signed certificate from my company so it does blame my certificate in this version.

I managed to avoid this message by adding a trusted-host name in %userprofile%\AppData\Roaming\pip\pip.ini:

```
[global]
use-feature = truststore
trusted-host = pypi.python.org
               pypi.org
               files.pythonhosted.org
```

But if I fall back to pip 24.0, everything works fine again, and there is no need to declare trusted hosts. Why is that? Is that a new feature?
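An added example, not part of the original issue and not code from pip or truststore: pip documents `trusted-host` as marking a host as trusted even though it does not have valid or any HTTPS, so the `pip.ini` above turns certificate verification off for those hosts instead of repairing the trust chain. The sketch below audits a pip configuration body for such entries; the name `audit_pip_config` and the sample text are constructed for illustration.

```python
import configparser

# Constructed sample mirroring the pip.ini posted above.
SAMPLE_PIP_INI = """\
[global]
use-feature = truststore
trusted-host = pypi.python.org
               pypi.org
               files.pythonhosted.org
"""


def audit_pip_config(text):
    """Return (trusted_hosts, truststore_enabled) for a pip.ini / pip.conf body.

    trusted_hosts is a list of (section, host) pairs; every host listed there
    is exempt from TLS certificate verification when pip talks to it.
    """
    # RawConfigParser: no '%' interpolation; continuation lines are joined.
    parser = configparser.RawConfigParser(strict=False)
    parser.read_string(text)

    trusted_hosts = []
    truststore_enabled = False
    for section in parser.sections():
        for key, value in parser.items(section):
            # Normalise the option name (lower case, underscores to dashes).
            name = key.strip().lower().replace("_", "-")
            values = value.split()  # multi-line values are whitespace separated
            if name == "trusted-host":
                trusted_hosts.extend((section, host) for host in values)
            elif name == "use-feature" and "truststore" in values:
                truststore_enabled = True
    return trusted_hosts, truststore_enabled


if __name__ == "__main__":
    hosts, truststore_enabled = audit_pip_config(SAMPLE_PIP_INI)
    print("truststore feature enabled:", truststore_enabled)
    for section, host in hosts:
        print(f"[{section}] certificate verification bypassed for {host}")
```

Run it against the real file by passing its contents to `audit_pip_config`; an empty host list means no host is exempt from verification.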

notatallshaw commented 2 months ago

I believe this is a duplicate of https://github.com/pypa/pip/issues/12779

sethmlarson commented 2 months ago

Agreed, thanks @notatallshaw. Closing this issue.

toaster-code commented 2 months ago

Yes, you are absolutely right. This is a pypi issue (I don't know why I thought it was an issue in the truststore package). I am sorry for the trouble. Best regards