pip.conf not paying attention to trusted-host

Question

I have my pip.conf file as follows:

[global]
trusted-host = <private IP>
extra-index-url = http://<private IP>/pypi

However, whenever I try to install a package (just a test package) from the private pypi repo, I receive an error that instructs me to add --trusted-host <private IP>. If I do, I can successfully install the package, so I know that pip is reading the pip.conf file. Why isn't it respecting the trusted-host config? I've triple checked that the IPs match in the config file.

Several blogs and cursory searches of Google seem to suggest that it should. (https://pseudoscripter.wordpress.com/2016/05/07/pip-the-repository-located-at-some-ip-is-not-a-trusted-or-secure-host-and-is-being-ignored/)

Answer 1

Couldn't this be a problem of different pip.conf having different configurations?According to the official docs:

The names and locations of the configuration files vary slightly across platforms. You may have per-user, per-virtualenv or site-wide (shared amongst all users) configuration.

• On Unix the default configuration file is: $HOME/.config/pip/pip.conf which respects the XDG_CONFIG_HOME environment variable.
• There is also a legacy per-user configuration file which is also respected, and is located at $HOME/.pip/pip.conf on Unix and macOS.
• Inside a virtualenv, on Unix and macOS the file is $VIRTUAL_ENV/pip.conf
• Site-wide, on Unix the file may be located in /etc/pip.conf. Alternatively it may be in a "pip" subdirectory of any of the paths set in the environment variable XDG_CONFIG_DIRS (if it exists), for example /etc/xdg/pip/pip.conf.