Windmill
Created by huschplay on 1/24/2025 in #help
Can't get Python to work with TLS Interception, always UnknownIssuer
Hi guys, after updating to the current release, all Python applications fail to download their dependencies.
Error while installing certifi==2024.12.14:
Using CPython 3.11.10 interpreter at: /usr/local/bin/python
error: Failed to fetch: `https://pypi.org/simple/certifi/`
Caused by: Request failed after 3 retries
Caused by: error sending request for url (https://pypi.org/simple/certifi/)
Caused by: client error (Connect)
Caused by: invalid peer certificate: UnknownIssuer
Before the update, everything worked fine (to note, I just downgraded and tested again, and the issue persists, so I am unsure if this is actually related to the update). I have the following envs in place.
- INIT_SCRIPT=/tmp/use_ca.sh
- REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
- SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
- DENO_TLS_CA_STORE=system,mozilla
My init_script runs and adds the certificates to the system store. If I run either pip install httpx or uv pip install httpx in the shell of the worker, I don't face the issue. I feel like the worker is creating a separate environment that does not respect the placed envs. I also added WHITELIST_ENVS with no effect. If I run a simple Python script that prints the values of the envs above, the values are printed correctly. I do not have any issue pulling dependencies for Rust or TypeScript. Any help would be appreciated.
28 replies
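
A diagnostic for the situation described in the post above, as an added example that is not part of the original thread or of Windmill's code: run inside the failing job, it reports whether each CA variable from the post is visible to the process and whether the file it names actually contains the interception CA. The function names are hypothetical, and the sample PEM blocks are constructed from arbitrary bytes, not real certificates.

```python
import base64
import hashlib
import os
import re
import tempfile

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
CA_ENV_VARS = ("REQUESTS_CA_BUNDLE", "SSL_CERT_FILE")  # the two bundle variables from the post

def fingerprints(pem_text):
    """SHA-256 over the decoded bytes of every CERTIFICATE block in a PEM text."""
    return {hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(pem_text)}

def check_bundles(ca_pem, environ=os.environ):
    """Per variable: 'unset', 'unreadable', 'missing' (CA absent) or 'present'."""
    wanted = fingerprints(ca_pem)
    report = {}
    for name in CA_ENV_VARS:
        path = environ.get(name)
        if not path:
            report[name] = "unset"
            continue
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                have = fingerprints(fh.read())
        except OSError:
            report[name] = "unreadable"
            continue
        report[name] = "present" if wanted and wanted <= have else "missing"
    return report

def pem_wrap(raw):
    """Constructed sample data: wraps arbitrary bytes in PEM armour (not a real cert)."""
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

def demo():
    """One bundle that had the interception CA appended, one stock bundle without it."""
    proxy_ca = pem_wrap(b"constructed interception CA")
    public_ca = pem_wrap(b"constructed public root")
    with tempfile.TemporaryDirectory() as tmp:
        patched, stock = os.path.join(tmp, "patched.crt"), os.path.join(tmp, "stock.crt")
        with open(patched, "w") as fh:
            fh.write(public_ca + proxy_ca)
        with open(stock, "w") as fh:
            fh.write(public_ca)
        env = {"REQUESTS_CA_BUNDLE": patched, "SSL_CERT_FILE": stock}
        return check_bundles(proxy_ca, env)

if __name__ == "__main__":
    print(demo())
```

In a real job, pass the text of the interception CA's PEM file to `check_bundles` and leave `environ` at its default, so the result reflects the environment the job process itself sees rather than the worker's interactive shell.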