Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#76709 - [python-pip] pip does not use system certificates
Attached to Project:
Community Packages
Opened by Cezary Drożak (cdro) - Thursday, 01 December 2022, 10:58 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:05 GMT
Opened by Cezary Drożak (cdro) - Thursday, 01 December 2022, 10:58 GMT
Last edited by Buggy McBugFace (bugbot) - Saturday, 25 November 2023, 20:05 GMT
|
DetailsDescription:
While the `python-certifi` package replaces the vendored certificate with a link to the system certificate bundle, pip vendors certifi, so it does not apply to pip. Additional info: * python-pip version: 22.3.1-1 Steps to reproduce: I am connected to the company's network, which uses FortiGate's SSL Inspection. This requires trusting a certificate issued by FortiGate. I'm not sure what would be the best way to reproduce outside of such network. 1. Trust the company's certificate using `trust anchor fortigate.crt` and run `update-ca-trust` 2. Packages using `python-certifi` now work correctly, but pip does not. |
This task depends upon
Closed by Buggy McBugFace (bugbot)
Saturday, 25 November 2023, 20:05 GMT
Reason for closing: Moved
Additional comments about closing: https://gitlab.archlinux.org/archlinux/p ackaging/packages/python-pip/issues/1
Saturday, 25 November 2023, 20:05 GMT
Reason for closing: Moved
Additional comments about closing: https://gitlab.archlinux.org/archlinux/p ackaging/packages/python-pip/issues/1
FS#40713(which suggests this used to work).Is there any way to use the `--cert' switch [1]?
A quick search turned up these [2][3][4]. Anything in there help?
[1] https://man.archlinux.org/man/extra/python-pip/pip-help.1.en#cert
[2] https://stackoverflow.com/questions/39356413/how-to-add-a-custom-ca-root-certificate-to-the-ca-store-used-by-pip-in-windows
[3] https://bbs.archlinux.org/viewtopic.php?id=251007
[4] https://github.com/pypa/pip/issues/9525
export PIP_CERT=/etc/ssl/certs/ca-certificates.crt
I reported it as a bug, because I noticed that a symlink is already being created for `python-certifi`. I thought that it could be done for this package too.