Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Again problems with the --native-tls flag or SSL_CERT_FILE #9243

Open
andreamoro opened this issue Nov 19, 2024 · 9 comments
Open

Again problems with the --native-tls flag or SSL_CERT_FILE #9243

andreamoro opened this issue Nov 19, 2024 · 9 comments
Labels
question Asking for clarification or support

Comments

@andreamoro
Copy link

andreamoro commented Nov 19, 2024
edited
Loading

After a small period of joy, again today I'm experiencing problems in using the uv pip install.
Whether using the --native-tls or setting the SSL_CERT_FILE, both the approach resolve in a "Failed to tech error".

image

When it comes to the SSL_CERT_FILE, read-only permissions on the file were given. Not sure this would be making any difference at this stage.

UV version tried, both the 0.4.28 and the 0.5.2

Would someone so kind to provide some debugging steps?
@zanieb
Copy link
Member

zanieb commented Nov 19, 2024

Can you share verbose logs? You can also use RUST_LOG=debug to get logs from the networking stack, it'll be very verbose.

@zanieb zanieb added the question Asking for clarification or support label Nov 19, 2024
@andreamoro
Copy link
Author 

DEBUG uv 0.5.2 (Homebrew 2024-11-14)
DEBUG Searching for default Python interpreter in virtual environments
DEBUG Found `cpython-3.12.1-macos-aarch64-none` at `/Users/andreamoro/.pyenv/versions/3.12.1/envs/DataAnalysis/bin/python3` (active virtual environment)
Using Python 3.12.1 environment at .pyenv/versions/3.12.1/envs/DataAnalysis
DEBUG Acquired lock for `.pyenv/versions/3.12.1/envs/DataAnalysis`
DEBUG At least one requirement is not satisfied: seaborn
DEBUG Using request timeout of 30s
DEBUG Solving with installed Python version: 3.12.1
DEBUG Solving with target Python version: >=3.12.1
DEBUG Adding direct dependency: seaborn*
DEBUG No cache entry for: https://pypi.org/simple/seaborn/
DEBUG Transient request failure for https://pypi.org/simple/seaborn/, retrying: error sending request for url (https://pypi.org/simple/seaborn/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer
DEBUG Transient request failure for https://pypi.org/simple/seaborn/, retrying: error sending request for url (https://pypi.org/simple/seaborn/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer
DEBUG Transient request failure for https://pypi.org/simple/seaborn/, retrying: error sending request for url (https://pypi.org/simple/seaborn/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer
DEBUG Transient request failure for https://pypi.org/simple/seaborn/, retrying: error sending request for url (https://pypi.org/simple/seaborn/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer
DEBUG Released lock at `/Users/andreamoro/.pyenv/versions/3.12.1/envs/DataAnalysis/.lock`
error: Failed to fetch: `https://pypi.org/simple/seaborn/`
  Caused by: Request failed after 3 retries
  Caused by: error sending request for url (https://pypi.org/simple/seaborn/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer

@andreamoro
Copy link
Author

Or with the rust_log enabled

❯ uv pip install --native-tls seaborn --verbose
DEBUG uv 0.5.2 (Homebrew 2024-11-14)
DEBUG Searching for default Python interpreter in virtual environments
DEBUG Found `cpython-3.12.1-macos-aarch64-none` at `/Users/andreamoro/.pyenv/versions/3.12.1/envs/DataAnalysis/bin/python3` (active virtual environment)
Using Python 3.12.1 environment at .pyenv/versions/3.12.1/envs/DataAnalysis
DEBUG Acquired lock for `.pyenv/versions/3.12.1/envs/DataAnalysis`
DEBUG At least one requirement is not satisfied: seaborn
DEBUG Using request timeout of 30s
DEBUG Solving with installed Python version: 3.12.1
DEBUG Solving with target Python version: >=3.12.1
DEBUG Adding direct dependency: seaborn*
INFO add_decision: root @ 0a0.dev0 without checking dependencies
DEBUG No cache entry for: https://pypi.org/simple/seaborn/
DEBUG starting new connection: https://pypi.org/
DEBUG connecting to 151.101.192.223:443
DEBUG connected to 151.101.192.223:443
DEBUG Transient request failure for https://pypi.org/simple/seaborn/, retrying: error sending request for url (https://pypi.org/simple/seaborn/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer
WARN Retry attempt #0. Sleeping 425.833483ms before the next attempt
DEBUG starting new connection: https://pypi.org/
DEBUG connecting to 151.101.192.223:443
DEBUG connected to 151.101.192.223:443
DEBUG Transient request failure for https://pypi.org/simple/seaborn/, retrying: error sending request for url (https://pypi.org/simple/seaborn/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer
WARN Retry attempt #1. Sleeping 1.954031005s before the next attempt
DEBUG starting new connection: https://pypi.org/
DEBUG connecting to 151.101.192.223:443
DEBUG connected to 151.101.192.223:443
DEBUG Transient request failure for https://pypi.org/simple/seaborn/, retrying: error sending request for url (https://pypi.org/simple/seaborn/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer
WARN Retry attempt #2. Sleeping 1.038860859s before the next attempt
DEBUG starting new connection: https://pypi.org/
DEBUG connecting to 151.101.192.223:443
DEBUG connected to 151.101.192.223:443
DEBUG Transient request failure for https://pypi.org/simple/seaborn/, retrying: error sending request for url (https://pypi.org/simple/seaborn/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer
DEBUG Released lock at `/Users/andreamoro/.pyenv/versions/3.12.1/envs/DataAnalysis/.lock`
error: Failed to fetch: `https://pypi.org/simple/seaborn/`
  Caused by: Request failed after 3 retries
  Caused by: error sending request for url (https://pypi.org/simple/seaborn/)
  Caused by: client error (Connect)
  Caused by: invalid peer certificate: UnknownIssuer

It looks like he doesn't like the certificate, but it's the same I used the other time I was able to get it through... generated from the system settings.

@zanieb
Copy link
Member

zanieb commented Nov 19, 2024

Thanks! Yeah I'm not sure what to tell you here, it looks like the certificate is wrong — this usually has nothing to do with uv's implementation. You can get more logs with RUST_LOG=trace but I doubt it'll show anything interesting. Does the cert work with other tools?

@andreamoro
Copy link
Author

andreamoro commented Nov 19, 2024
edited
Loading

Yes it does :(
But why the --native-tls is not going to work anymore? That one should look at the system settings, no?

@zanieb
Copy link
Member

zanieb commented Nov 19, 2024

The behavior of that flag should not have changed, I'm assuming this stopped working without you changing your uv version? What kind of proxy are you using? Who runs it? How do you know the cert is up to date?

@andreamoro
Copy link
Author

andreamoro commented Nov 19, 2024
edited
Loading

Update uv today after this was failing. Company is using Zscaler. Cert was verified against the Keychain file ... and just in case I made a new bundle seconds ago just to confirm this was updated, but yet not joy.

In any case I validated the .pem file using the openssl x509 -in "/Documents/ZscalerCertificate.pem" -text -noout command with success.

@zanieb
Copy link
Member

zanieb commented Nov 19, 2024

But you said this also fails on an old version of uv? What was the last working version?

@andreamoro
Copy link
Author

That's a very good question. I might have ran a brew upgrade at some point, but I don't remember whether uv was upgraded and which version I had before. My bad.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Asking for clarification or support
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@zanieb @andreamoro