Doesn't honor client-cert setting for custom indexes in pip.conf

[gdubicki]

Hi!

I am using my company custom PyPI index with client cert auth, a config like this:

[global]
client-cert=~/.ssh/nexus-repo-cert-key.pem
index=https://repo.company.com/repository/pypi/pypi
index-url=https://repo.company.com/repository/pypi/simple

With this using luddite results with this error:

$ luddite setup.py 
(...)
  File "/opt/homebrew/Cellar/python@3.9/3.9.10/Frameworks/Python.framework/Versions/3.9/lib/python3.9/urllib/request.py", line 1349, in do_open
    raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1129)>

Commenting out the custom index works around the issue.

[wimglenn]

Luddite does not (and will not) actually parse the pip.conf file at all, so maybe it is getting your index from an env var (PIP_INDEX_URL) instead?

Does it work if you export SSL_CERT_FILE=$HOME/.ssh/nexus-repo-cert-key.pem? Luddite uses urllib.request, which I think respects this cert var.

[gdubicki]

I don't have PIP_INDEX_UR set and if only I comment out those 4 lines in ~/.pip/pip.conf luddite starts working.

Setting SSL_CERT_FILE did not help.

[wimglenn]

Ah, I took a closer look and saw that luddite does actually look at pip's config (indirectly) for an index-url auto detection in some cases (src). Yes we could check for a potential client-cert here too.