Use configured CA certificate when downloading packages #3349
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request Check List
Resolves: possibly #3110 #2593 #1012 (I haven't looked into the nuances)
It seems that #1325 tried to add support to supply custom CA certificates for custom 3rd party repositories (via
poetry config certificates.$repo.cert
).But the implementation was incomplete:
poetry lock
properly uses the correct CA certs for custom repository access, butpoetry install
still fails with a cert error because the package download code path does not use the configured CA certificates.This issue surfaced for us when upgrading Poetry from 1.1.3 to 1.1.4, the minor release had change #3251 that gave our custom repository priority (it was ignored previously); the root cause was challenging to track down.
This PR is a hack to make artifact downloads use configured CA file too. I wanted to submit this first to get feedback whether I'm on the right track.
Error that occurs without this patch: