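Even after the certificate chain is updated, Python (pip) still throws

This is a follow-up to a previous SO post.

I am using Windows / cygwin, and I need python to understand a custom CA certificate, because the network infrastructure re-signs all SSL requests with its own certificate.

If I try to run pip search SimpleHTTPServer, I get the following error message: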

    ...
      File "c:\users\erbe\appdata\local\programs\python\python35-32\lib\ssl.py", line 633, in do_handshake
        self._sslobj.do_handshake()
    ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

I tried to add the certificate to my list of trusted certificates by doing the following:

  1. Copy my .pem file to /etc/pki/ca-trust/source/anchors
  2. update-ca-trust extract

I have verified that this works, because I can now point to the generated PEM file and run pip successfully: pip --cert /usr/local/ssl/cert.pem search SimpleHTTPServer

    $ pip --cert tls-ca-bundle.pem search SimpleHTTPServer
    ComplexHTTPServer (0.1) - A Multithreaded Python SimpleHTTPServer
    SimpleTornadoServer (1.0) - better SimpleHTTPServer using tornado
    rangehttpserver (1.2.0) - SimpleHTTPServer with support for Range requests

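However, I want this to work without having to specify the certificate manually every time. I am hoping to update the certificate chain that python uses: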

    $ python -c "import ssl; print(ssl.get_default_verify_paths())"
    DefaultVerifyPaths(cafile=None, capath=None, openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/usr/local/ssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/usr/local/ssl/certs')

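I have verified that, through a series of symbolic links, /usr/local/ssl/cert.pem points to the same file. However, if I run pip, I still get the [SSL: CERTIFICATE_VERIFY_FAILED] error message.

I uninstalled the Windows version of python and reinstalled the Cygwin version of python. With it, I ran easy_install-2.7 pip. Now at least I can run pip with the full certificate path without an error message: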

    $ pip --cert /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem search simpleHttpServer
    LittleHTTPServer (0.5.0) - Little bit extended SimpleHTTPServer
    SimpleHTTP404Server (0.2.0) - A Python SimpleHTTPServer, but serves 404.html if a page is not found.
    django-localsrv (0.1.2) - Django app for serving static content from different sources (files, strings, urls, etc.) at custom paths,

To be safe, I also tried updating the SSL_CERT_DIR variable to point to /etc/pki/ca-trust-extracted/pem and setting SSL_CERT_FILE to /etc/pki/ca-trust-extracted/pem/tls-ca-bundle.pem, but these did not work:

    $ set | grep SSL
    SSL_CERT_DIR=/etc/pki/ca-trust/extracted/pem
    SSL_CERT_FILE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
    $ python -c "import ssl; print(ssl.get_default_verify_paths())"
    DefaultVerifyPaths(cafile='/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem', capath='/etc/pki/ca-trust/extracted/pem', openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/usr/ssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/usr/ssl/certs')
    $ pip search simpleHttpServer
    Exception:
    Traceback (most recent call last):
      File "/usr/lib/python2.7/site-packages/pip-8.1.2-py2.7.egg/pip/basecommand.py", line 215, in main
        status = self.run(options, args)
    ...
    ...
      File "/usr/lib/python2.7/site-packages/pip-8.1.2-py2.7.egg/pip/_vendor/requests/adapters.py", line 477, in send
        raise SSLError(e, request=request)
    SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

What am I doing wrong? Is this a cygwin vs. Windows problem? Which PEM files do I need to update?
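The symlink and bundle check described in the question can be scripted. The following is an added example, not part of the original post: it resolves each CA file that the ssl module reports and tests whether the custom CA is actually inside it. The function names (der_certs, candidate_bundles, audit, constructed_pem) are hypothetical, and the sample "certificates" are constructed dummy bytes, not real certificates.

```python
import base64
import os
import re
import ssl
import tempfile

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def der_certs(pem_text):
    """Return the set of DER blobs for every certificate block in PEM text."""
    return {ssl.PEM_cert_to_DER_cert(b) for b in PEM_BLOCK.findall(pem_text)}

def candidate_bundles(extra=()):
    """CA files the ssl module reports, plus caller-supplied paths."""
    p = ssl.get_default_verify_paths()
    found = [(p.openssl_cafile_env, os.environ.get(p.openssl_cafile_env)),
             ("openssl_cafile", p.openssl_cafile)]
    found += [("explicit", path) for path in extra]
    return [(label, path) for label, path in found if path]

def audit(ca_pem_text, bundles):
    """Map each (label, path) to 'present', 'absent' or 'missing file'."""
    wanted = der_certs(ca_pem_text)
    if not wanted:
        raise ValueError("no certificate block in the CA file")
    report = {}
    for label, path in bundles:
        real = os.path.realpath(path)  # follow the whole symlink chain
        if not os.path.isfile(real):
            report[(label, path)] = "missing file"
            continue
        with open(real, encoding="ascii", errors="replace") as fh:
            have = der_certs(fh.read())
        report[(label, path)] = "present" if wanted <= have else "absent"
    return report

def constructed_pem(payload):
    """Constructed stand-in for a certificate: PEM armor around dummy bytes."""
    body = base64.encodebytes(payload).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    corp_ca = constructed_pem(b"constructed corporate CA")  # not a real cert
    with tempfile.TemporaryDirectory() as d:
        bundle = os.path.join(d, "tls-ca-bundle.pem")
        with open(bundle, "w") as fh:
            fh.write(constructed_pem(b"constructed public root") + corp_ca)
        for key, state in audit(corp_ca, candidate_bundles([bundle])).items():
            print(key, state)
```

To use it on a real system, read the custom CA's .pem file and pass its text to audit() together with candidate_bundles().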
