Add SSL CA certificate information to `pip debug` · Issue #7146 · pypa/pip (original) (raw)

What's the problem this feature will solve?

As described in #6720 (comment), pip may be using several sources of information for the CA certificate bundle to use for HTTPS requests. This makes it hard to debug user issues.

Describe the solution you'd like

In the output of pip debug we should include:

the cert setting from the highest-priority pip configuration file (~~and the configuration file path~~) - on second thought the location doesn't matter much
os.environ.get('REQUESTS_CA_BUNDLE')
os.environ.get('CURL_CA_BUNDLE')
pip._vendor.certifi.where()

This will provide insight into the CA certificate bundle in use for a given request, which can then be used in instructions to the user in conjunction with curl/openssl to submit an HTTP request independent of pip and rule out pip-specific issues.

Alternative Solutions

Do nothing.

Additional context

pip 9.0.1: SLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661) #4459
--quiet suppresses ssl errors #4919
pip SSL certificate errors #6335
Document the behavior of --cert #6720
SSL Certificate issue: Unable to install virtualenv #6915

Add SSL CA certificate information to pip debug · Issue #7146 · pypa/pip (original) (raw)

Add SSL CA certificate information to `pip debug` · Issue #7146 · pypa/pip (original) (raw)