On 22 January 2014 13:29, Christian Heimes <christ...@python.org> wrote: > Side note: > Users can simple add self-signed certs to OpenSSL's cert store and get > validation for free. It's possible to do that with an environment > variable, too. But I recommend against the environment variable because > you may overwrite to operating store.
I'm pretty sure what I'm about to ask isn't what you mean, but take it as an example of how people may misunderstand and/or misinterpret comments in this area ;-) So if I set up a PyPI mirror running under https, with a self-signed certificate, can you explain how I get it to work? For "work", assume I mean pip will use it, I can browse to it with my web browser, and my various Python scripts (now running under Python 3.5 with SSL verification on by default) that query the index all work without needing extra flags, code changes, or interactive prompts. I'm on Windows, by the way, just for added fun. (This is a one of the real-world reasons I've never set up a local https index - not a big one, laziness trumps it by miles :-) as does the effectiveness of simpler solutions - but it's there. I did think about it at one stage. If I *were* to set up an index, it's definitely why I'd use http rather than bothering with https.) Paul _______________________________________________ Python-Dev mailing list Python-Dev@python.org https://mail.python.org/mailman/listinfo/python-dev Unsubscribe: https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com