Support environment variables to set Certificate #1025

Closed
1 task done
kleinjoshuaa opened this issue Oct 29, 2023 · 3 comments

@kleinjoshuaa

Is there an existing issue for this?

  • I have searched the existing issues (open and closed), and could not find an existing issue

What keywords did you use to search existing issues?

environment variable ssl certificate

Please describe the problem you are attempting to solve with this request

I work at a company that uses a DLP tool that essentially MITMs all of my traffic. This means I have to pass a custom cert (twine <cmd> --cert /path/to/cert) to twine each time I run a twine command.

Many other tools let me set an environment variable that would let me put this in my bashrc so I could set it once and not have to remember again.

How do you think we should solve this?

Just support some environment variables to update this setting. Thank you

Anything else you'd like to mention?

No response

@sigmavirus24
Member

This does actually already support it in the same way as pip through REQUESTS_CA_BUNDLE and CURL_CA_BUNDLE. I believe Python also respects all the default OpenSSL environment variables as well.

@kleinjoshuaa
Author

kleinjoshuaa commented Oct 30, 2023

Interesting - I am on a Mac and I do not see that behavior - e.g., I do have REQUESTS_CA_BUNDLE and CURL_CA_BUNDLE set as env vars and I get SSL errors when I run twine without the --cert arg. When I use the --cert I do not. Doesn't twine use urllib and not requests?

@sigmavirus24
Member

We do use requests. I'm not sure why those aren't being picked up for you. We do also support TWINE_CERT, which I had forgotten about.
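
An added diagnostic for the situation discussed above (not part of the thread and not twine's own code): for each variable named in the comments, it reports whether the value is set, whether the path exists, and whether Python's `ssl` module can load it as a PEM CA bundle. The function names are hypothetical, and the script makes no claim about the order in which twine or requests consult these variables.

```python
import os
import ssl

# Variables named in the thread. The order is for display only and is not a
# statement about precedence inside twine or requests.
CA_ENV_VARS = ("TWINE_CERT", "REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE")


def check_ca_bundle(path):
    """Return (status, cert_count) for one candidate CA bundle path."""
    if not path:
        return ("unset", 0)
    if not os.path.exists(path):
        # Typical causes: a typo, or a quoted "~" that the shell never expanded.
        return ("missing", 0)
    if os.path.isdir(path):
        # Hashed CA directories are loaded lazily, so nothing can be counted.
        return ("directory", 0)
    # Start from an empty trust store so the count reflects only this file.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except OSError:
        # ssl.SSLError subclasses OSError: covers unreadable and non-PEM files.
        return ("invalid", 0)
    return ("ok", ctx.cert_store_stats()["x509"])


def report(environ=None):
    """Map each CA-related variable to its (status, cert_count)."""
    environ = os.environ if environ is None else environ
    return {name: check_ca_bundle(environ.get(name)) for name in CA_ENV_VARS}


if __name__ == "__main__":
    for name, (status, count) in report().items():
        value = os.environ.get(name, "")
        print(f"{name:20} {status:10} certs={count:<4} {value}")
```

Run it from the same shell session that runs twine: a variable set in an rc file that the session never sourced shows up as `unset`.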

James-E-A added a commit to James-E-A/pypa-twine that referenced this issue Feb 1, 2024
The lack of this has been a *perennial* thorn for people behind
corporate TLS MITM ALG proxies; when it's soluble, it's still
annoying, and sometimes the proxy applications don't use a stable
root bundle, rendering the situation kinda insoluble.

- pypa#328
- pypa#387
- pypa#536
- pypa#740
- pypa#741
- pypa#835
- pypa#915
- pypa#1025