[Python-Dev] https://bugs.python.org/issue33127 breaks pip / easy_install / pipenv etc in corporate networks on MS Windows using self-signed certificates

Oleg Sivokon olegs at traiana.com
Tue Apr 17 05:46:58 EDT 2018

It is common practice in corporate networks that connect MS Windows machines to redirect all (encrypted included) traffic through company's router.  For this purpose routers are usually configured to act as a CA.  However, the certificate issued by such "CA" will of course not be found in the certificates distributed with LibreSSL (how would they even know?).  MS Windows networking, however, has a way to configure these policies.

Prior to this issue, Python relied on the OS libraries to implement TLS protocol, so the overall setup worked transparently for users.  Since 3.6.5, however, this is no longer possible (requires alteration of certificates distributed with Python).

I'm asking that this be made configurable / possible to disable using simple means, perhaps an environment variable / registry key or similar.

PS. I still cannot register to the bug tracker (never received a confirmation email), this is why you are reading this email.

- Best.

This communication and all information contained in or attached to it is confidential, intended solely for the addressee, may be legally privileged and is the intellectual property of one of the companies of NEX Group plc ("NEX") or third parties. If you are not the intended addressee or receive this message in error, please immediately delete all copies of it and notify the sender. We have taken precautions to minimise the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachments. We do not accept liability for any loss or damage caused by software viruses. NEX reserves the right to monitor all communications. We do not accept any legal responsibility for the content of communications, and no communication shall be considered legally binding. Furthermore, if the content of this communication is personal or unconnected with our business, we accept no liability or responsibility for it. NEX Group plc is a public limited company registered in England and Wales under number 10013770 and certain of its affiliates are authorised and regulated by regulatory authorities. For further regulatory information please see www.NEX.com.

More information about the Python-Dev mailing list