On Jan 27, 2014, at 7:28 AM, Alex Clark <[email protected]> wrote: > Donald Stufft <donald <at> stufft.io> writes: > >> >> >> >> Just a follow up. >> - OAuth is busted >> >> >> These two issues existed prior to the migration as far as I can tell. > > Correct. We've discussed Oauth in IRC and this ticket has existed since late > last year: > > - > https://bitbucket.org/pypa/pypi/issue/85/oauth-authorise-not-found-https-must-be > > I'm bringing it up now because I'm still interested in seeing it fixed. IIUC > MvL correctly, it happened around the time of the CDN switch. > > In any event, there is a portion of traffic going to/from PyPI unencrypted > and PyPI needs it to be encrypted. This leads to the confusing error message > when trying to do OAuth over "https". You talk https to the end point, and > the end point (seemingly) responds "I need this to be https”.
It’s very unlikely for something to happen over not HTTPS now. The backend servers for PyPI do not offer a non HTTPS port, and Fastly has a blanket HTTP -> HTTPS redirect. Most likely the issue is just that PyPI isn’t realizing that it’s being accessed via HTTPS. > > > > _______________________________________________ > Distutils-SIG maillist - [email protected] > https://mail.python.org/mailman/listinfo/distutils-sig ----------------- Donald Stufft PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Distutils-SIG maillist - [email protected] https://mail.python.org/mailman/listinfo/distutils-sig
