CODEWITHSUNDEEP
pythonsslpython-poetry
Alexander Shpindler
Alexander Shpindler

Reputation: 951

How to skip certificate verification in poetry?

I'm trying to add a new package using poetry add, but it always comes with this error:

HTTPSConnectionPool(host='10.140.240.64', port=443): Max retries exceeded with url: /api/v4/projects/118/packages/pypi/files/47f05b39ebe470235b70724fb049985ea75fad6c1a5007ad3462f3d430da338b/tg_client-0.1.10-py3-none-any.whl (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1129)')))

Who knows how to skip this verification?

Updated:

I try to add a package from private repository:

[[tool.poetry.source]]
name = "my_package"
url = "https://..."
secondary = true

Maybe that is why the solution poetry config certificates.my_package.cert false doesn't work.

Upvotes: 10

Views: 21984

Answers (4)

Richard Scholtens
Richard Scholtens

Reputation: 1023

Using the answer of @Kashyap I could fix this problem. Run the following commands:

  poetry source add fpho https://files.pythonhosted.org
  poetry config certificates.fpho.cert false
  poetry source add pypi
  poetry config certificates.PyPI.cert false
  poetry config certificates.pypi.cert false

I did not need to adjust the pyproject.toml.

Tested on following versions:

Poetry (version 1.6.1)

Python 3.9.0

Upvotes: 10

Kashyap
Kashyap

Reputation: 17476

TL;DR

For every host that you see in error message, add a new fake repository and disable verification for it.

An relevant discussion on topic: https://github.com/orgs/python-poetry/discussions/6681

If you're doing this globally:

  • Add repo using poetry source add XYZ... or by editing config.toml.
  • Disable cert check using poetry config certificates.XYZ.cert false or by editing auth.toml

It might be possible to do the same for your specific project (pyproject.toml) instead of globally (config.toml and auth.toml). See poetry docs.

E.g.

  1. For me it started with host='pypi.org':

HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /packages/0b/fc/8781442def77b0aa22f63f266d4dadd486ebc0c5371d6290caf4320da4b7/setuptools-67.6.1-py3-none-any.whl (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]

  1. This was worked around by asking poetry to ignore cert verification for PyPI (not pypi). Using
$ poetry config certificates.PyPI.cert false
  1. Then I got same error for files.pythonhosted.org.
$ poetry source add fpho https://files.pythonhosted.org
$ poetry config certificates.fpho.cert false

Final environment:

$ 
$ export PYTHONWARNINGS="ignore:Unverified HTTPS request"
$ 
$ cat /home/kash/.config/pypoetry/config.toml 
[repositories]

[repositories.fpho]
url = "https://files.pythonhosted.org"

[repositories.my_host_240_64]
url = "10.140.240.64"

$ 
$ cat /home/kash/.config/pypoetry/auth.toml 

# apparently the brain-trust at poetry call pypi.org repo "PyPI",
# not pypi. And provide no apparent way to list the "default" repos.
[certificates.PyPI]
cert = false

[certificates.fpho]
cert = false

[certificates.my_host_240_64]
cert = false

$
$ poetry add <your package>
$

Upvotes: 7

Alexander Shpindler
Alexander Shpindler

Reputation: 951

I found 2 working solutions:

  1. Use poetry version<=1.0.9 and use CURL_CA_BUNDLE="" poetry install;
  2. Extract certificate from the repository as described here then copy-paste it in the end of file with path requests.utils.DEFAULT_CA_BUNDLE_PATH (python).

Upvotes: 1

rasjani
rasjani

Reputation: 7970

https://python-poetry.org/docs/repositories/#certificates:

The value of certificates.< repository >.cert can be set to false if certificate verification is required to be skipped. This is useful for cases where a package source with self-signed certificates are used.

poetry config certificates.foo.cert false

Upvotes: 1

Related Questions