Skip to content

fixes Python cert error connecting to pypi.org#441

Merged
jakecoffman merged 3 commits intomainfrom
fix-pypi
May 12, 2025
Merged

fixes Python cert error connecting to pypi.org#441
jakecoffman merged 3 commits intomainfrom
fix-pypi

Conversation

@jakecoffman
Copy link
Member

@jakecoffman jakecoffman commented May 9, 2025

This adds the necessary KeyUsage and ExtKeyUsage fields to the certificate generation function in cadetails.go to ensure that the generated certificate is compatible with Python 3.10.

I'm unsure what the exact requirements are but this seems to do the trick.

Trying to figure out if this is testable.

We will need to make the same change in dependabot-action.

@jakecoffman
Copy link
Member Author

jakecoffman commented May 9, 2025

Confirms this fixes the issue: #442

This was referenced May 9, 2025
Closed
Closed
@jakecoffman jakecoffman marked this pull request as ready for review May 9, 2025 19:05
@jakecoffman jakecoffman requested a review from a team as a code owner May 9, 2025 19:05
@jakecoffman jakecoffman enabled auto-merge May 9, 2025 19:05
@jakecoffman
Copy link
Member Author

jakecoffman commented May 12, 2025

This fix is related to dependabot/dependabot-core#12066.

I verified that running dependabot update pip TheSuperiorStanislav/test-dependabot on main errors with the same error:

proxy | 2025/05/12 14:28:44 [011] WARN: Cannot handshake client pypi.org:443 local error: tls: bad record MAC

Running with this branch the error does not happen.

thavaahariharangit
thavaahariharangit approved these changes May 12, 2025
View reviewed changes
Copy link
Contributor

@thavaahariharangit thavaahariharangit left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I ran the cli against the repo and ensured the fix is working as expected.

Ref: dependabot/dependabot-core#12066 (comment)

@jakecoffman jakecoffman added this pull request to the merge queue May 12, 2025
landongrindheim
landongrindheim approved these changes May 12, 2025
View reviewed changes
Copy link
Contributor

@landongrindheim landongrindheim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd love it if @pavera could take a look at this as well 😄

Merged via the queue into main with commit 3fdb24b May 12, 2025
76 checks passed
@jakecoffman jakecoffman deleted the fix-pypi branch May 12, 2025 14:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thavaahariharangit thavaahariharangit thavaahariharangit approved these changes

+1 more reviewer

@landongrindheim landongrindheim landongrindheim approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jakecoffman @landongrindheim @thavaahariharangit