-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Option to disable SSL verify #1556
Comments
I guess other modifications will be needed to be able to publish as well. EDIT: I realize the code has changed now that 1.0 is live. My patch is not enough anymore. There's the |
After talking with some colleagues, it seems that a better solution is to install the Certificate Authorities (CA) of your corporation on your system and configure your tools to use it, instead of disabling SSL verification (which is bad?). There is a great answer on how to do this for Windows or Linux on this stackoverflow post. I'm leaving this issue open since there were some upvotes, but I don't consider it myself a priority anymore. |
really need this option too |
We have exactly the same issue. It would be great to have this option, similar to pip's trusted-host |
I agree and I would argue that it is required to have such option to use poetry in a corporate environment with multiple private pipy indexes. You just don't want to have to deal with certificates when you know the repository is yours and can be trusted. |
Any progress on that? |
So, i have to stay using crappy pipenv because poetry doesn't have this super basic configuration |
For what it's worth here, I've used this to succesfully bypass SSL validation without any code changes to Poetry: TL;DR; Set the |
It looks like the poetry core PR is close to acceptance? python-poetry/poetry-core#80 This would be the last blocker for us to move over from pip. We could set up a cert for the internal repository but this would be a much more direct path to adoption. |
As I commented in python-poetry/poetry-core#80, I disagree with adding the option to In my view, disabling the validation or defining the path to the CA file are basically the same configuration (so much that |
I found running poetry with a empty
|
Just as a follow up to my previous comment using the Preference to use this variable over the cURL one as requests is the underlying piece making the calls here and by default does not look at the system's certificates and uses some CA certificates that are bundled in. |
I'm also setting |
I've found about Looking at the code, it's used as a fallback for
|
Well I actually used that |
It would be great to specify this only for dedicated sources, e.g. a company gitlab instance. [[tool.poetry.source]]
name = "gitlab-pypi"
url = "https://gitlab.in.my.company/api/v4/groups/<group>/-/packages/pypi/simple"
ssl_verify = false |
Maybe it will be even better to have it compatible with pip and change |
Doing |
That is because poetry spawns its own shell, and you're setting environment variables incorrectly. I would really like to see a configuration option instead of depending on environment variables, which already are acting flaky on windows, as setting an environment variable to an empty string is meant to delete it. |
the guys at request broke the |
I think the solution is to build your own CA bundle. Maintainer of requests
library will not budge on this one, since thats where the issue really is.
See psf/requests#6071. I do agree with
maintainer's stance, but it becomes tedious after 6th time security team
rerolls the certificate.
The main issue with TLS is that the one time it works, people start looking
for ways to disable it. It's a shame that fad is still present, and the big
flashy error "Self signed certificate in chain" points to "lol just disable
security"
…On Mon, Aug 22, 2022, 22:37 Mark ***@***.***> wrote:
Is there a solution for this yet? I spent all day today fiddling with
poetry config to no avail. No matter what I do, it will not accept my
(self-signed) CA certificate for Gitlab and there doesn't seem to be any
way to disable ssl verification.
—
Reply to this email directly, view it on GitHub
<#1556 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABOMALC2IIKZSZZM3E4ZH6LV2PJIFANCNFSM4JKZHLGQ>
.
You are receiving this because you commented.Message ID:
***@***.***>
|
Starting from 1.2: https://python-poetry.org/docs/repositories/#certificates
|
What should be the |
You need to replace pypi as the repository by setting a new |
I am unable to run
Poetry version is 1.2.0 I work on a machine behind a corporate firewall that uses self signed certificates (which I have bundled together) I only intend to use pypi.org package index for now and to either get the ssl verification working with poetry using my certificate bundle or disabling ssl verification altogether |
This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Feature Request
I'm trying to use poetry in a corporate environment. We have a private server and index for packages, and conda is setup to not verify SSL. Unfortunately, I didn't find a similar option or configuration for Poetry, so when I try to install a package with Poetry, it fails (SSLError).
I managed to get it to work by changing two lines in
https://github.com/sdispater/poetry/blob/51c7042160a74adf14038460468e5e5a72b0d965/poetry/repositories/legacy_repository.py#L415-L426
...to this:
Obviously we would use a value specified in the
config.toml
instead of a literalFalse
.The text was updated successfully, but these errors were encountered: