TABLE OF CONTENTS

• Trusted hosts
• Additional Pip arguments

Trusted hosts

In case you tried tried to run a Python custom block that needed some packages installed and encountered an error of "connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed" or similar, this article is for you.

In rare situations, depending on your specific operating system, Python installation, or network setup, a Python package installation might fail with the above error. The error can have multiple meanings and causes, which makes it difficult to tell how to mitigate it. It doesn't have to mean that the certificate is actually invalid, but could for example have to do with how the network or a proxy server changes incoming data packages before they are delivered to your computer.

The problem can be fixed by telling Python to implicitly trust the specific host the package is downloaded from, whether or not it has a valid SSL certificate, or is using a secure channel at all.

You should note however that this is a potential security risk. Without a certificate verification it is impossible to tell whether the Python package host is who they say they are.

Such a decision therefore should be made by a server administrator. If they choose to implicitly trust certain hosts, they can be added to a list in the admin menu.

The list can be found in the R-Python admin menu item

Trusted hosts can be added to the list in the Python section

The hosts need to be in a format without any protocol parts. Popular choices are pypi.org or files.pythonhosted.org:

Additional Pip arguments

In addition to trusted hosts, it is possible to supply any kind of argument supported by Pip. 

For a full list, execute

python3 -m pip --help

This makes it possible to e.g. specify proxy settings or other advanced features. The settings are applied to every Custom Block executed.