Recently when working on a project where I was building a custom hook on behalf of my customer, I ran into issues firstly with not being able to see the error coming from the build container (as referenced in #250). After finally discovering the error, it turned out to be SSL errors being encountered during the attempt to install dependencies with pip:
connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
Upon further inspection, the build environment has TLS inspection enabled and a self-signed certificate is inserted in the chain. The only way to make installations work in this environment outside of using an authenticated pull-through proxy, is by using --trusted-host xxxxxxxx flags with pip.
I'd like to open this is a potential feature request where a new flag could be submitted along with the cfn submit that would allow for the following flags to be submitted along with the rest of the requisite defaults:
--trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org
The flag to be submitted could look something like cfn submit --trust-self-signed-certs or cfn sub --dry-run --trust-self-signed-certs
Recently when working on a project where I was building a custom hook on behalf of my customer, I ran into issues firstly with not being able to see the error coming from the build container (as referenced in #250). After finally discovering the error, it turned out to be SSL errors being encountered during the attempt to install dependencies with pip:
connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)Upon further inspection, the build environment has TLS inspection enabled and a self-signed certificate is inserted in the chain. The only way to make installations work in this environment outside of using an authenticated pull-through proxy, is by using
--trusted-host xxxxxxxxflags with pip.I'd like to open this is a potential feature request where a new flag could be submitted along with the
cfn submitthat would allow for the following flags to be submitted along with the rest of the requisite defaults:--trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.orgThe flag to be submitted could look something like
cfn submit --trust-self-signed-certsorcfn sub --dry-run --trust-self-signed-certs