Goal: I'm on RedHat 5 and trying to install the latest python and django for a web app.
I successfully altinstalled python27 and easy_install, and wget with openssl.
Problem: However now that I try to get anything from pypi.python.org I get the following error:
$ sudo easy_install --verbose django
Searching for django
Reading https://pypi.python.org/simple/django/
Download error on https://pypi.python.org/simple/django/: [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed -- Some packages may not be found!
Couldn't find index page for 'django' (maybe misspelled?)
Scanning index of all packages (this may take a while)
Reading https://pypi.python.org/simple/
Download error on https://pypi.python.org/simple/: [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed -- Some packages may not be found!
No local packages or download links found for django
error: Could not find suitable distribution for Requirement.parse('django')
I tried looking up the certificate of pypi.python.org with openssl s_client -showcert -connect but don't know what to do with it, where to store it. Not much info on Google, need expert help.
Thank you!
edit: I meant wget* with openssl.
$ wget http://ftp.gnu.org/gnu/wget/wget-1.15.tar.gz
$ tar -xzf wget-1.15.tar.gz
$ cd wget-1.15
$ ./configure --with-ssl=openssl
$ make
$ sudo make install
I can't get wget to pull the page either:
$ wget https://pypi.python.org/simple/django/
--2014-01-21 11:18:45-- https://pypi.python.org/simple/django/
Resolving pypi.python.org (pypi.python.org)... 199.27.73.185, 199.27.74.184
Connecting to pypi.python.org (pypi.python.org)|199.27.73.185|:443... connected.
ERROR: cannot verify pypi.python.org's certificate, issued by ‘/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance CA-3’:
Unable to locally verify the issuer's authority.
To connect to pypi.python.org insecurely, use `--no-check-certificate'.
4 Solutions
#1
13
Your curl cert is too old; try to download a new curl cert:
sudo wget http://curl.haxx.se/ca/cacert.pem -O /etc/pki/tls/certs/ca-bundle.crt
#2
6
I found this page after looking for a solution to this problem. In case someone else has a similar problem, the solution I found is:
At the start of the setuptools/ssl_support.py file (which is used by easy_install, and is inside the egg file: "./lib/python2.7/site-packages/setuptools-3.5.1-py2.7.egg"), the certificate bundle files are hard-coded in the "cert_paths" variable:
cert_paths = """
/etc/pki/tls/certs/ca-bundle.crt
/etc/ssl/certs/ca-certificates.crt
/usr/share/ssl/certs/ca-bundle.crt
/usr/local/share/certs/ca-root.crt
...etc..
"""
"easy_install" will use the first file that exists from this list, as it calls "find_ca_bundle". If certificates in this cert bundle file are out of date, then easy_install will fail with this SSL error. So you need to either update the certificate file or change the "cert_paths" in this ssl_support.py file to point to a local up-to-date certs bundle file.
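The first-match lookup described in answer #2, as an added example that is not setuptools' own code: it reports which of the quoted paths would win on a host and whether OpenSSL can load usable CA certificates from it, which also works as a quick check after replacing the bundle. The function names and the `root` and `now` parameters are assumptions of this example, and it targets the Python 3 standard library rather than the Python 2.7 from the question.

```python
import os
import ssl
import time

# The four paths quoted in the answer; the rest of the list is elided there.
CERT_PATHS = [
    "/etc/pki/tls/certs/ca-bundle.crt",
    "/etc/ssl/certs/ca-certificates.crt",
    "/usr/share/ssl/certs/ca-bundle.crt",
    "/usr/local/share/certs/ca-root.crt",
]

def first_existing(paths, root="/"):
    """First candidate that exists as a file, or None (first match wins).

    `root` is an assumption of this example so the lookup can be pointed
    at a scratch directory instead of the live filesystem.
    """
    for candidate in paths:
        full = os.path.join(root, candidate.lstrip("/"))
        if os.path.isfile(full):
            return full
    return None

def inspect_bundle(path, now=None):
    """Ask OpenSSL to load the bundle; count CA certs and expired ones."""
    now = time.time() if now is None else now
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=path)
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return {"path": path, "usable": False, "cas": 0, "expired": 0,
                "reason": str(exc)}
    certs = ctx.get_ca_certs()
    expired = sum(ssl.cert_time_to_seconds(c["notAfter"]) < now for c in certs)
    return {"path": path, "usable": len(certs) > expired, "cas": len(certs),
            "expired": expired, "reason": ""}

if __name__ == "__main__":
    chosen = first_existing(CERT_PATHS)
    print("bundle a first-match lookup would use:", chosen)
    if chosen:
        print(inspect_bundle(chosen))
    # Later candidates that also exist are never consulted.
    shadowed = [p for p in CERT_PATHS if os.path.isfile(p) and p != chosen]
    print("existing but shadowed:", shadowed)
```

A non-empty "existing but shadowed" list means that updating one of those files changes nothing for a first-match lookup while the earlier file is still present.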
#3
2
I have seen this problem in a specific environment: Mac OS X with macports, installing packages in user's local path. The solution was to install the certificates from curl:
port install curl-ca-bundle
Btw, until you have the certificates, most of the port, easy_install and pip commands will fail because of the SSL error.
#4
-1
Try installing pip to do Python package installation instead.
You can find the documentation to quick install it and use it here. It's generally a lot better than easy_install.
It also uses SSL by default, and with Requests' certificate stack (derived from Mozilla).
You can also find a lot of information on working with python packages in general on the Python Packaging User Guide.