If you're reporting an issue for setuptools 0.7 or higher, please use BitBucket

Title SSL errors when using https proxy
Priority bug Status chatting
Superseder Nosy List cmsj, pje
Assigned To Keywords

Created on 2013-07-23.08:11:27 by cmsj, last changed 2013-07-23.17:26:29 by pje.

msg742 (view) Author: pje Date: 2013-07-23.17:26:29
I looked over the underlying urllib2/httplib code a bit, and I did find one bit that appears to be missing (and necessary) to support https proxying.  Try adding this:

            if hasattr(self, '_tunnel') and getattr(self, '_tunnel_host', None):
                self.sock = sock

Right before the 'self.sock = ssl.wrap_socket(...)' line in the connect() method of the VerifyingHTTPSHandler in setuptools.ssl_support.  I'm pretty sure this needs to be there for proxying to work, but I don't know if there's anything else needed *besides* that.  I also don't have any easy way to test this myself.

You might also want to report this issue to the tracker for setuptools 0.7, which is at  This tracker is only for setuptools 0.6, and will be phased out when 0.6 reaches end-of-life.  There are more people at the other tracker and thus a greater likelihood that somebody there knows more about all this.

Still, if this patch does fix your problem (or doesn't), please let me know so I can add the code to 0.6 (or not).  ;-)
msg741 (view) Author: cmsj Date: 2013-07-23.08:11:27
From an image building script from diskimage-builder (part of OpenStack):

+ echo 'http_proxy:'
+ echo 'https_proxy:'
+ bash
root@stonker:/# easy_install os-apply-config
Searching for os-apply-config
Download error on [Errno 1] _ssl.c:504: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol -- Some packages may not be found!
Couldn't find index page for 'os-apply-config' (maybe misspelled?)
Scanning index of all packages (this may take a while)
Download error on [Errno 1] _ssl.c:504: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol -- Some packages may not be found!
No local packages or download links found for os-apply-config
error: Could not find suitable distribution for Requirement.parse('os-apply-config')

(the proxy URL is a very close to stock squid3 configuration on another machine on my LAN, which is used elsewhere in the building script to download OS images, etc, so is not believed to be the issue).

Reading through the setuptools code, I wondered if this is because the VerifyingHTTPSHandler inserted into the urllib2 opener chain, is trying to do direct socket connections. At the point it does that, I inserted a call to has_proxy() on the Request object and it returned False, which confused me as I would expect ProxyHandler to still be in the opener chain.
Date User Action Args
2013-07-23 17:26:29pjesetstatus: unread -> chatting
nosy: + pje
messages: + msg742
2013-07-23 08:11:27cmsjcreate