SSL error while uploading python package to custom registry using twine

Question

When trying to upload a python custom package to our internal registry its failing with the following error.

 urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='custom-nexus.com’, port=443): Max retries exceeded with url: /repository/pypi-internal/ (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

But the same url works fine when accessed through curl. Using curl -v option found that the ca-bundle used was in the location /etc/pki/tls/certs/ca-bundle.crt

So tried providing this in the twine upload command using the --cert option. But then also its not working and failing with the same error.

twine upload --config-file .pypirc   --cert /etc/pki/tls/certs/ca-bundle.crt  -r pypi dist/*

Python version used is 3.6. Please find below the list of library versions.

certifi==2020.4.5
setuptools==46.1.3
wheel==0.34.2
twine==3.1.1
pyOpenSSL==19.1.0

Answer 1

For some reason it didnt work for me even after providing the certificate using --cert option. Might be some issue with the certificate. Then I came across the below hack to skip ssl verification in python requests library

Disable Python requests SSL validation for an imported module

(For anyone who doesn't know, TWINE under the hood also uses python requests library)

Following this, I tried the below command and it worked!

export CURL_CA_BUNDLE="" && twine upload ...