问题
Goal: I'm on RedHat 5 and trying to install the latest python and django for a web app.
I successfully altinstalled python27 and easy_install, and wget with openssl.
Problem: However now that I try to get anything from pypi.python.org I get the following error:
$ sudo easy_install --verbose django
Searching for django
Reading https://pypi.python.org/simple/django/
Download error on https://pypi.python.org/simple/django/: [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed -- Some packages may not be found!
Couldn't find index page for 'django' (maybe misspelled?)
Scanning index of all packages (this may take a while)
Reading https://pypi.python.org/simple/
Download error on https://pypi.python.org/simple/: [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed -- Some packages may not be found!
No local packages or download links found for django
error: Could not find suitable distribution for Requirement.parse('django')
I tried looking up the certificate of pypi.python.org with openssl s_client -showcert -connect but don't know what to do with it, where to store it. Not much info on google, need expert help.
Thank you!
edit: I meant wget* with openssl.
$ wget http://ftp.gnu.org/gnu/wget/wget-1.15.tar.gz
$ tar -xzf wget-1.15.tar.gz
$ cd wget-1.15
$ ./configure --with-ssl=openssl
$ make
$ sudo make install
I can't get wget to pull the page either:
$ wget https://pypi.python.org/simple/django/
--2014-01-21 11:18:45-- https://pypi.python.org/simple/django/
Resolving pypi.python.org (pypi.python.org)... 199.27.73.185, 199.27.74.184
Connecting to pypi.python.org (pypi.python.org)|199.27.73.185|:443... connected.
ERROR: cannot verify pypi.python.org's certificate, issued by ‘/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3’:
Unable to locally verify the issuer's authority.
To connect to pypi.python.org insecurely, use `--no-check-certificate'.
回答1:
your curl cert is too old try to download new curl cert:
sudo wget http://curl.haxx.se/ca/cacert.pem -O /etc/pki/tls/certs/ca-bundle.crt
回答2:
I found this page after looking for a solution to this problem. In case someone else has similar problem, the solution I found is:
At the start of the setuptools/ssl_support.py file (which is used by easy_install, and is inside the egg file: "./lib/python2.7/site-packages/setuptools-3.5.1-py2.7.egg"), the certificate bundles files are hard-coded in "cert_paths" variable:
cert_paths = """
/etc/pki/tls/certs/ca-bundle.crt
/etc/ssl/certs/ca-certificates.crt
/usr/share/ssl/certs/ca-bundle.crt
/usr/local/share/certs/ca-root.crt
...etc..
"""
"easy_install" will use the first file that exists from this list, as it calls "find_ca_bundle". If certificates in this cert bundle file are out of date, then easy_install will fail with this SSL error. So need to either update the certificate file or change the "cert_paths" in this ssl_support.py file, to point to a local upto date certs bundle file.
回答3:
I have seen this problem in a specific environment: Mac OS X with macports, installing packages in user's local path. The solution was to install the certificates from curl:
port install curl-ca-bundle
Btw, until you don't have the ceritificates, most of the port, easy_install and pip commands will fail because the ssl error.
回答4:
Try installing pip to do python package installation instead.
You can find the documentation to quick install it and use it here. It's generally a lot better than easy_install.
It also uses SSL by default, and with Requests' certificate stack (derived from mozilla).
You can also find a lot of information on working with python packages in general on the Python Packaging User Guide.
来源:https://stackoverflow.com/questions/21265616/python-easy-install-fails-with-ssl-certificate-error-for-all-packages