On Jan 27, 2014, at 7:28 AM, Alex Clark <aclark@aclark.net> wrote:
Donald Stufft <donald <at> stufft.io> writes:
Just a follow up. - OAuth is busted
These two issues existed prior to the migration as far as I can tell.
Correct. We've discussed Oauth in IRC and this ticket has existed since late last year:
- https://bitbucket.org/pypa/pypi/issue/85/oauth-authorise-not-found-https-mus...
I'm bringing it up now because I'm still interested in seeing it fixed. IIUC MvL correctly, it happened around the time of the CDN switch.
In any event, there is a portion of traffic going to/from PyPI unencrypted and PyPI needs it to be encrypted. This leads to the confusing error message when trying to do OAuth over "https". You talk https to the end point, and the end point (seemingly) responds "I need this to be https”.
It’s very unlikely for something to happen over not HTTPS now. The backend servers for PyPI do not offer a non HTTPS port, and Fastly has a blanket HTTP -> HTTPS redirect. Most likely the issue is just that PyPI isn’t realizing that it’s being accessed via HTTPS.
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA