CA-bundle environment variable has no effect #1233
Comments
Thanks for the pyproj package, and thanks for any help you can provide 🙂

Side note: You need to set the environment variables before importing pyproj. The logic is here if you would like to try to debug the issue on your environment.

The CA Bundle path is set when importing pyproj here.

Thanks @snowman2, I've updated the example to remove this ambiguity. As mentioned the problem also exists when the environment variable is set at the command line.

CORRECTION: after some confusion with IDEs and the
I am seeing this same problem on a machine that needs a specific CA bundle available to access remote resources. I have set

Failing MWE

```python
from pyproj.network import set_ca_bundle_path, set_network_enabled
from pyproj.transformer import Transformer
set_network_enabled(True)
set_ca_bundle_path()
t = Transformer.from_crs("epsg:27700", "epsg:4326")
print(t.transform(0, 0, None, errcheck=True))
```

Fails with:

Passing MWE:

```python
from pyproj.network import set_ca_bundle_path, set_network_enabled
from pyproj.transformer import Transformer
set_network_enabled(True)
set_ca_bundle_path("/path/to/ca-bundle.crt")
t = Transformer.from_crs("epsg:27700", "epsg:4326")
print(t.transform(0, 0, None, errcheck=True))
```

output:

proj: 9.3.0

It looks like the way in which the CA bundle path is initialised in pyproj bulldozes any environment variables pointing to that bundle (see OSGeo/PROJ#3977). The easiest fix would be to remove this line you pointed to previously (@snowman2) as all it is doing is removing all possibility of finding a CA bundle.
Code Sample, a copy-pastable example if possible

Traceback when not using `set_ca_bundle_path()`:

Problem description

Setting `PROJ_CURL_CA_BUNDLE` does not have the same effect as `set_ca_bundle_path()`, indeed it doesn't seem to have any effect.

Our specific security has made it necessary to use a local certificate file (located at `$SSL_CERT_PATH` in the example above) to allow scripts to access online resources. We can successfully point pyproj/PROJ at this certificate file using `pyproj.network.set_ca_bundle_path()`, but for global user config we would rather use the `PROJ_CURL_CA_BUNDLE` environment variable described in the documentation (both pyproj and PROJ docs).

Forcing `PROJ_NETWORK=OFF` does not seem like the correct solution, since the tools are ostensibly there to allow using a custom certificate.

Expected Output

Setting the `PROJ_CURL_CA_BUNDLE` environment variable should enable Internet access via the referenced certificate file, in the same way that `set_ca_bundle_path()` does.

Environment Information

`pyproj -v`

Installation method

`mamba create -n pyproj_report pyproj`

(Also seen in several other environments that contain pyproj).

Conda environment information (if you installed with conda):

Environment (`conda list`):

Details about `conda` and system (`conda info`):
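The thread reports that an explicit `set_ca_bundle_path("/path/to/ca-bundle.crt")` works while the environment variable alone does not. The following is an added example, not code from pyproj or from any participant in this issue: it resolves the bundle from the environment, checks that it is a readable PEM file, and hands the path to the setter explicitly. The helper names `resolve_ca_bundle` and `apply_ca_bundle` are hypothetical, and the precedence order among the three variables is an assumption.

```python
import os
from pathlib import Path

# CA bundle variables named in the pyproj documentation.
# Assumption: they are checked in this order, PROJ-specific first.
CA_ENV_VARS = ("PROJ_CURL_CA_BUNDLE", "CURL_CA_BUNDLE", "SSL_CERT_FILE")
PEM_MARKER = b"-----BEGIN CERTIFICATE-----"


def resolve_ca_bundle(environ=os.environ):
    """Return (variable_name, absolute_path) for the first CA bundle set in environ.

    Returns None when none of the variables is set. Raises ValueError when a
    variable is set but does not name a readable PEM file, so a typo fails
    loudly instead of silently selecting a different trust store.
    """
    for name in CA_ENV_VARS:
        value = environ.get(name)
        if not value:
            continue
        path = Path(value).expanduser()
        if not path.is_file():
            raise ValueError(f"{name}={value!r} is not a file")
        if PEM_MARKER not in path.read_bytes():
            raise ValueError(f"{name}={value!r} contains no PEM certificate")
        return name, str(path.resolve())
    return None


def apply_ca_bundle(setter, environ=os.environ):
    """Pass the resolved path to setter, e.g. pyproj.network.set_ca_bundle_path."""
    found = resolve_ca_bundle(environ)
    if found is not None:
        setter(found[1])  # explicit path, the call the thread reports as working
    return found


if __name__ == "__main__":
    # Requires pyproj; run before creating any Transformer.
    from pyproj.network import set_ca_bundle_path, set_network_enabled

    set_network_enabled(True)
    print(apply_ca_bundle(set_ca_bundle_path))
```

TLS verification stays enabled throughout: the helper only selects which trust store is used and never turns checking off.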