[Distutils] SNI support in pip
Reinout van Rees
reinout at vanrees.org
Tue Dec 2 13:43:45 CET 2014
On 01-12-14 13:40, Wichert Akkerman wrote:
> I just noticed that pip does not support SNI (on Python 2.7.8). This is
> a bit problematic for us since we use a private index on a server using
> SNI, and right pip always aborts with a certificate error.
Same problem here (though with buildout). We did manage to get it
working, though.
a) Using the latest and greatest setuptools/buildout. Not sure it helped
in the end, because I thought setuptool contained requests, but
apparently that's pip :-)
b) Making sure the server that you use for your packaging is the first
one in the SNI list. This was the biggest part of the fix.
c) We still had errors afterwards, but that was due to a misconfigured
certificate chain. All the parent certificates between your certificate
and a well-known root certificate need to be inside the certificate
file. A browser will happily fetch the intermediate certificates, but
curl, wget, setuptools, older apt-get and so on won't.
Reinout
--
Reinout van Rees http://reinout.vanrees.org/
reinout at vanrees.org http://www.nelen-schuurmans.nl/
"Learning history by destroying artifacts is a time-honored atrocity"
More information about the Distutils-SIG
mailing list