poetry fails with pypi.org certificate when I have multiple repositories

  • [x] I am on the latest Poetry version.

  • [x] I have searched the issues of this repo and believe that this is not a duplicate.

  • [x] If an exception occurs when executing a command, I executed it again in debug mode (-vvv option).

  • OS version and name: Linux Centos 7 kernel 3.10.0-1062.4.1.el7.x86_64 python 3.6.7, also OSX 10.14.6 with brewed python 3.6.5

  • Poetry version: 1.0.10

poetry seems to be unable to contact pypi.org when I use a private repository.

My certificate is self-signed. It uses basic http auth which for this example I added to the config.

Note: I redacted my repository URL, package name and authors data (email).

Steps

pyproject.toml generated with poetry init and no deps/dev-deps:

[tool.poetry]
name = "my-poetry-package"
version = "0.0.1"
description = ""
authors = ["ME"]

[[tool.poetry.source]]
name = "my_internal_repo"
url = "https://pypi.PRIVATE.TLD/simple/"

[tool.poetry.dependencies]
python = "^3.6"

[tool.poetry.dev-dependencies]

[build-system]
requires = ["poetry>=0.12"]
build-backend = "poetry.masonry.api"

Then add the repository credentials and certificate (it is self-signed) for my internal repo:

poetry config repositories.my_internal_repo https://pypi.PRIVATE.TLD/simple
poetry config certificates.my_internal_repo.cert $HOME/my-chain.pem
poetry config http-basic.my_internal_repo USER PASS

Then add the first dependency. my-package depends only on packages on pypi.org (as the logs show):

$ poetry add -vvv my-package
Using virtualenv: /users/kalfa/Sources/gitlab-ci/.venv
/users/kalfa/.local/lib/python3.6/site-packages/urllib3/connection.py:388: SubjectAltNameWarning: Certificate for pypi.PRIVATE.TLD has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
  SubjectAltNameWarning
Using version ^0.0.92 for my-package

Updating dependencies
Resolving dependencies...
   1: fact: my-poetry-package is 0.0.1
   1: derived: my-poetry-package
   1: fact: my-poetry-package depends on my-package (^0.0.92)
   1: selecting my-poetry-package (0.0.1)
   1: derived: my-package (^0.0.92)
PyPI: No packages found for my-package >=0.0.92,<0.0.93
my_internal_repo: 1 packages found for my-package >=0.0.92,<0.0.93
PyPI: Getting info for my-package (0.0.92) from PyPI
   1: fact: my-package (0.0.92) depends on typing (*)
   1: fact: my-package (0.0.92) depends on numpy (*)
   1: fact: my-package (0.0.92) depends on dataclasses (*)
   1: selecting my-package (0.0.92)
   1: derived: dataclasses (*)
   1: derived: numpy (*)
   1: derived: typing (*)
PyPI: No release information found for numpy-0.9.6, skipping
PyPI: No release information found for numpy-0.9.8, skipping
PyPI: No release information found for numpy-1.0.3, skipping
PyPI: No release information found for numpy-1.0.4, skipping
PyPI: No release information found for numpy-1.0b1, skipping
PyPI: No release information found for numpy-1.0b4, skipping
PyPI: No release information found for numpy-1.0b5, skipping
PyPI: No release information found for numpy-1.0rc1, skipping
PyPI: No release information found for numpy-1.0rc2, skipping
PyPI: No release information found for numpy-1.0rc3, skipping
PyPI: No release information found for numpy-1.1.1, skipping
PyPI: No release information found for numpy-1.2.0, skipping
PyPI: No release information found for numpy-1.2.1, skipping
PyPI: No release information found for numpy-1.4.0, skipping
PyPI: 65 packages found for numpy *
   1: Version solving took 1.055 seconds.
   1: Tried 1 solutions.

[SSLError]
HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/dataclasses/ (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:847)'),))

Traceback (most recent call last):
  File "/users/kalfa/.local/lib/python3.6/site-packages/clikit/console_application.py", line 131, in run
    status_code = command.handle(parsed_args, io)
  File "/users/kalfa/.local/lib/python3.6/site-packages/clikit/api/command/command.py", line 120, in handle
    status_code = self._do_handle(args, io)
  File "/users/kalfa/.local/lib/python3.6/site-packages/clikit/api/command/command.py", line 171, in _do_handle
    return getattr(handler, handler_method)(args, io, self)
  File "/users/kalfa/.local/lib/python3.6/site-packages/cleo/commands/command.py", line 92, in wrap_handle
    return self.handle()
  File "/users/kalfa/.local/lib/python3.6/site-packages/poetry/console/commands/add.py", line 156, in handle
    status = installer.run()
  File "/users/kalfa/.local/lib/python3.6/site-packages/poetry/installation/installer.py", line 74, in run
    self._do_install(local_repo)
  File "/users/kalfa/.local/lib/python3.6/site-packages/poetry/installation/installer.py", line 161, in _do_install
    ops = solver.solve(use_latest=self._whitelist)
  File "/users/kalfa/.local/lib/python3.6/site-packages/poetry/puzzle/solver.py", line 36, in solve
    packages, depths = self._solve(use_latest=use_latest)
  File "/users/kalfa/.local/lib/python3.6/site-packages/poetry/puzzle/solver.py", line 181, in _solve
    self._package, self._provider, locked=locked, use_latest=use_latest
  File "/users/kalfa/.local/lib/python3.6/site-packages/poetry/mixology/__init__.py", line 7, in resolve_version
    return solver.solve()
  File "/users/kalfa/.local/lib/python3.6/site-packages/poetry/mixology/version_solver.py", line 80, in solve
    next = self._choose_package_version()
  File "/users/kalfa/.local/lib/python3.6/site-packages/poetry/mixology/version_solver.py", line 360, in _choose_package_version
    dependency = min(*unsatisfied, key=_get_min)
  File "/users/kalfa/.local/lib/python3.6/site-packages/poetry/mixology/version_solver.py", line 353, in _get_min
    return len(self._provider.search_for(dependency))
  File "/users/kalfa/.local/lib/python3.6/site-packages/poetry/puzzle/provider.py", line 146, in search_for
    repository=dependency.source_name,
  File "/users/kalfa/.local/lib/python3.6/site-packages/poetry/repositories/pool.py", line 149, in find_packages
    name, constraint, extras=extras, allow_prereleases=allow_prereleases
  File "/users/kalfa/.local/lib/python3.6/site-packages/poetry/repositories/legacy_repository.py", line 256, in find_packages
    page = self._get('/{}/'.format(canonicalize_name(name).replace('.', '-')))
  File "/users/kalfa/.local/lib/python3.6/site-packages/poetry/repositories/legacy_repository.py", line 425, in _get
    response = self._session.get(url)
  File "/users/kalfa/.local/lib/python3.6/site-packages/requests/sessions.py", line 543, in get
    return self.request('GET', url, **kwargs)
  File "/users/kalfa/.local/lib/python3.6/site-packages/requests/sessions.py", line 530, in request
    resp = self.send(prep, **send_kwargs)
  File "/users/kalfa/.local/lib/python3.6/site-packages/requests/sessions.py", line 665, in send
    history = [resp for resp in gen]
  File "/users/kalfa/.local/lib/python3.6/site-packages/requests/sessions.py", line 665, in <listcomp>
    history = [resp for resp in gen]
  File "/users/kalfa/.local/lib/python3.6/site-packages/requests/sessions.py", line 245, in resolve_redirects
    **adapter_kwargs
  File "/users/kalfa/.local/lib/python3.6/site-packages/requests/sessions.py", line 643, in send
    r = adapter.send(request, **kwargs)
  File "/users/kalfa/.local/lib/python3.6/site-packages/cachecontrol/adapter.py", line 53, in send
    resp = super(CacheControlAdapter, self).send(request, **kw)
  File "/users/kalfa/.local/lib/python3.6/site-packages/requests/adapters.py", line 514, in send
    raise SSLError(e, request=request)

If I try to add a pypi.org package directly, it gives the same result:

$ poetry add dataclasses
/users/kalfa/.local/lib/python3.6/site-packages/urllib3/connection.py:388: SubjectAltNameWarning: Certificate for pypi.PRIVATE.TLD has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
  SubjectAltNameWarning

[SSLError]
HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/dataclasses/ (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:847)'),))

Variations

I tried with and without /simple in my-repository URL. Failed for other reasons, but that’s not the issue.

I tried using secondary=true in pyproject.toml for my repository. Same problem.

I tried using default=true in pyproject.toml for my repository. I expected it to not try to contact pypi.org at all, but actually failed with the same exact issue, against pypi.org certificate.

I tried to remove the repository block from pyproject.toml and install poetry add dataclasses

This can access pypi normally.

I tried to download the chain certs for pypi.org and add them to poetry for “PyPI”. Same result.

What happened

poetry finds my-package in my private repository, but then fails when looking up deps on pypi.org, with

[SSLError]
HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/dataclasses/ (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:847)'),))

like it is trying to use the wrong certificate

Expected results

Finds packages on my private repositories and its deps on pypi.org without certificate problems.

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Reactions: 1
  • Comments: 8 (1 by maintainers)

Top GitHub Comments

5 reactions
mcdevitts commented, Aug 10, 2021

I can also confirm that the issue is still present. I’m using my company’s pypi server (SSL self-signed), and it can see my package, but now it fails when attempting to contact https://pypi.org/simple/.

It would be great to get this worked out soon, or it would be awesome if we could just bypass SSL. The hacky fix that everyone has mentioned to date no longer appears to work on my install. Plus, hacks are just hacks.

1 reaction
nylocx commented, May 6, 2021

This happens for me too; see also https://github.com/python-poetry/poetry/issues/4016 and this, maybe related, commit a3c5cf7c9559dbb0b0372aa2e30b5ce3f2a849af
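
The traceback in the report passes through `legacy_repository.py` and requests' `resolve_redirects` before failing against pypi.org, which is consistent with a CA bundle configured for one host being reused for another. As an added illustration (not code from Poetry or from this thread), the sketch below picks the trust store per hop; `HOST_BUNDLES`, `verify_for`, `fetch` and `fake_send` are hypothetical names, and the redirecting transport is an assumption constructed so the example runs offline.

```python
import ssl
from urllib.parse import urljoin, urlsplit

# Assumption: per-host CA bundles, mirroring `poetry config certificates.<repo>.cert`.
HOST_BUNDLES = {"pypi.private.tld": "/home/user/my-chain.pem"}  # constructed path


def verify_for(url, bundles=HOST_BUNDLES):
    """Return the CA bundle for this exact host, or True for the system trust store."""
    host = (urlsplit(url).hostname or "").lower()  # hostname drops port and userinfo
    return bundles.get(host, True)


def fetch(url, send, pin=None, max_hops=5):
    """Follow redirects by hand. `send(url, verify)` returns (status, location).

    pin=None picks the trust store per hop; a pinned value imitates a
    session-wide `verify` that is reused for every host in the chain.
    """
    trail = []
    for _ in range(max_hops):
        verify = pin if pin is not None else verify_for(url)
        trail.append((urlsplit(url).hostname, verify))
        status, location = send(url, verify)
        if status not in (301, 302, 303, 307, 308) or not location:
            return status, trail
        url = urljoin(url, location)
    raise RuntimeError("too many redirects")


def fake_send(url, verify):
    """Constructed transport: the private index redirects unknown packages to pypi.org."""
    host = urlsplit(url).hostname
    if host == "pypi.private.tld":
        if verify != HOST_BUNDLES[host]:
            raise ssl.SSLCertVerificationError("private CA not trusted")
        return 303, "https://pypi.org/simple/dataclasses/"
    if verify is not True:  # a private-only bundle carries no public roots
        raise ssl.SSLCertVerificationError("certificate verify failed")
    return 200, None


def session_wide_fails():
    """True when pinning the private bundle breaks the hop to pypi.org."""
    try:
        fetch("https://pypi.PRIVATE.TLD/simple/dataclasses/", fake_send,
              pin=HOST_BUNDLES["pypi.private.tld"])
    except ssl.SSLCertVerificationError:
        return True
    return False
```

With real requests calls, the same idea means passing `verify=` per request and following redirects manually with `allow_redirects=False`, so that a private bundle never replaces the default trust store for public hosts.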
