From fdef9e0766aa603c09b5bfeee9acc49357b87fca Mon Sep 17 00:00:00 2001
From: Reinier Criel <reinier.criel@gmail.com>
Date: Wed, 12 Nov 2025 13:11:02 -0800
Subject: [PATCH] Some tweaks

---
 .../safe-chain/src/packagemanager/pip/runPipCommand.js   | 9 +++------
 packages/safe-chain/src/registryProxy/certUtils.js       | 4 ++++
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/packages/safe-chain/src/packagemanager/pip/runPipCommand.js b/packages/safe-chain/src/packagemanager/pip/runPipCommand.js
index f2eccc5..440c02b 100644
--- a/packages/safe-chain/src/packagemanager/pip/runPipCommand.js
+++ b/packages/safe-chain/src/packagemanager/pip/runPipCommand.js
@@ -30,7 +30,6 @@ export async function runPip(command, args) {
 
     // To counter behavior that is sometimes seen where pip ignores REQUESTS_CA_BUNDLE/SSL_CERT_FILE,
     // We will set additional env vars for pip
-
     if (!env.PIP_CERT) {
       env.PIP_CERT = combinedCaPath;
     }
@@ -38,15 +37,13 @@ export async function runPip(command, args) {
       const tmpDir = os.tmpdir();
       const pipConfigPath = path.join(tmpDir, `safe-chain-pip-${Date.now()}.ini`);
 
-      // Proxy settings
-      const httpProxy = env.HTTP_PROXY || '';
-      const httpsProxy = env.HTTPS_PROXY || '';
+      // Proxy settings: prefer GLOBAL_AGENT_HTTP_PROXY, then HTTPS_PROXY, then HTTP_PROXY
+      const proxy = env.GLOBAL_AGENT_HTTP_PROXY || env.HTTPS_PROXY || env.HTTP_PROXY || '';
 
       // Build pip config INI
       let pipConfig = '[global]\n';
       pipConfig += `cert = ${combinedCaPath}\n`;
-      if (httpProxy) pipConfig += `proxy = ${httpProxy}\n`;
-      if (httpsProxy) pipConfig += `proxy = ${httpsProxy}\n`;
+      if (proxy) pipConfig += `proxy = ${proxy}\n`;
 
       await fs.writeFile(pipConfigPath, pipConfig);
       env.PIP_CONFIG_FILE = pipConfigPath;
diff --git a/packages/safe-chain/src/registryProxy/certUtils.js b/packages/safe-chain/src/registryProxy/certUtils.js
index a2fb7bb..aa23d79 100644
--- a/packages/safe-chain/src/registryProxy/certUtils.js
+++ b/packages/safe-chain/src/registryProxy/certUtils.js
@@ -48,6 +48,10 @@ export function generateCertForHost(hostname) {
       digitalSignature: true,
       keyEncipherment: true,
     },
+    {
+      name: "extKeyUsage",
+      serverAuth: true,
+    },
   ]);
   cert.sign(ca.privateKey, forge.md.sha256.create());