Still not able to run uv on corporate network with custom root certificates (uv 0.0.11)

[carlosjourdan]

#1474 was not fixed by #1512 for me on v 0.1.11

Corporate network with ssl inspection firewall, custom ca on every site. Root certificate is trusted by windows, and environment variables REQUESTS_CA_BUNDLE and SSL_CERT_FILE are setup. Python requests work fine. Pip install as well. uv fails with error below.

error: error sending request for url (https://pypi.org/simple/zeep/): error trying to connect: invalid peer certificate: UnknownIssuer
  Caused by: error trying to connect: invalid peer certificate: UnknownIssuer
  Caused by: invalid peer certificate: UnknownIssuer

[zanieb]

We do not respect the REQUESTS_CA_BUNDLE variable, what do you set that to? We do respect SSL_CERT_FILE but if your certificate are registered with the Windows certificate store then that should not be necessary.

It may be worth seeing if there are any upstream rustls-native-certs issues that apply to your situation and confirm that your certificates are available through the schannel API.

All of the certificate loading and validation is done outside of uv, generally these issues are a problem with the certificate configuration or an upstream bug.

[carlosjourdan]

Thanks for the info @zanieb

I'm unable to replicate the issue now, it was probably something transient within the host environment

[LordFckHelmchen]

For me, the --native-tls option did the trick