Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How add host to trusted host #835

Closed
Sv9t opened this issue Nov 23, 2021 · 4 comments
Closed

How add host to trusted host #835

Sv9t opened this issue Nov 23, 2021 · 4 comments
Labels
support Users asking for help using twine

Comments

@Sv9t
Copy link

Sv9t commented Nov 23, 2021
edited by bhrutledge
Loading

Hello! After run command twine upload --repository-url https://nexus.dev.mylocal/pypi-repo/ .\dist\* I looking exceptions:
requests.exceptions.SSLError: HTTPSConnectionPool(host='nexus.dev.mylocal', port=443): Max retries exceeded with url: /pypi-repo/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1129)')))

How to solve this problem?
@bhrutledge bhrutledge added the support Users asking for help using twine label Nov 23, 2021
@bhrutledge
Copy link
Contributor

We're going to need more information to help out; that's why there's a template when you create a new issue. Please add the requested information, either in your original comment, or in a new one.

That said, I haven't spent much time with SSL certificates or Nexus, so I'm not sure how much help I can be. Searching for sslerror yields #328, which suggests this is likely a configuration problem in your environment, rather than a direct problem with Twine. It also seems like there might be a workaround.

I also wonder if the --cert or --client-cert options would help here (although the documentation on how to use those could probably be better).

@sigmavirus24
Copy link
Member

Also if you search google for SSLError or certificate verify failed: unable to get local issuer certificate you'll see that the certificate your Nexus is serving can't be verified because it's not using a public certificate that is already trusted by your system. As suggested by @bhrutledge you need to provide that via --cert and this is the topic of many StackOverflow questions and answers. Because this is not a bug, you've provided none of the minimum information required, and there are ample resources available to assist you I'm closing this

@bhrutledge bhrutledge mentioned this issue Nov 23, 2021
Open
@Sv9t
Copy link
Author

Sv9t commented Nov 23, 2021

@bhrutledge @sigmavirus24 I know that is not possible to disable certificate verification, but sometimes this is nessesery.
#328 (comment)
This is solved my problem. Thanks for the help!

PS Probably, one day you will add --trusted-host argument. #387

@sigmavirus24
Copy link
Member

No, we definitely won't, for all of the reasons in that issue

James-E-A added a commit to James-E-A/pypa-twine that referenced this issue Feb 1, 2024
@James-E-A
cli: use truststore if available
a543352 
The lack of this has been a *perennial* thorn for people behind
corporate TLS MITM ALG proxies; when it's soluble, it's still
annoying, and sometimes the proxy applications don't use a stable
root bundle, rendering the situation kinda insoluble.

- pypa#328
- pypa#387
- pypa#536
- pypa#740
- pypa#741
- pypa#835
- pypa#915
- pypa#1025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
support Users asking for help using twine
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@sigmavirus24 @bhrutledge @Sv9t