[prev in list] [next in list] [prev in thread] [next in thread]
List: python-distutils-sig
Subject: Re: [Distutils] SNI support in pip
From: Reinout van Rees <reinout () vanrees ! org>
Date: 2014-12-02 12:43:45
Message-ID: m5kc62$ded$1 () ger ! gmane ! org
[Download RAW message or body]
On 01-12-14 13:40, Wichert Akkerman wrote:
> I just noticed that pip does not support SNI (on Python 2.7.8). This is
> a bit problematic for us since we use a private index on a server using
> SNI, and right pip always aborts with a certificate error.
Same problem here (though with buildout). We did manage to get it
working, though.
a) Using the latest and greatest setuptools/buildout. Not sure it helped
in the end, because I thought setuptool contained requests, but
apparently that's pip :-)
b) Making sure the server that you use for your packaging is the first
one in the SNI list. This was the biggest part of the fix.
c) We still had errors afterwards, but that was due to a misconfigured
certificate chain. All the parent certificates between your certificate
and a well-known root certificate need to be inside the certificate
file. A browser will happily fetch the intermediate certificates, but
curl, wget, setuptools, older apt-get and so on won't.
Reinout
--
Reinout van Rees http://reinout.vanrees.org/
reinout@vanrees.org http://www.nelen-schuurmans.nl/
"Learning history by destroying artifacts is a time-honored atrocity"
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
https://mail.python.org/mailman/listinfo/distutils-sig
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic