标签归档:ssl

使用pip3安装软件包时,“ Python中的ssl模块不可用”

问题:使用pip3安装软件包时,“ Python中的ssl模块不可用”

我已经在本地计算机上成功安装了Python 3.4和Python 3.6,但是无法使用安装软件包pip3

执行时pip3 install <package>,出现以下与SSL相关的错误:

pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
Collecting <package>
  Could not fetch URL https://pypi.python.org/simple/<package>/: There was a problem confirming the ssl certificate: Can't connect to HTTPS URL because the SSL module is not available. - skipping
  Could not find a version that satisfies the requirement <package> (from versions: )
No matching distribution found for <package>

如何修复Python3.x安装,以便可以使用安装软件包pip install <package>

I’ve install Python 3.4 and Python 3.6 on my local machine successfully, but am unable to install packages with pip3.

When I execute pip3 install <package>, I get the following SSL related error:

pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
Collecting <package>
  Could not fetch URL https://pypi.python.org/simple/<package>/: There was a problem confirming the ssl certificate: Can't connect to HTTPS URL because the SSL module is not available. - skipping
  Could not find a version that satisfies the requirement <package> (from versions: )
No matching distribution found for <package>

How can I fix my Python3.x install so that I can install packages with pip install <package>?


回答 0

在Ubuntu中安装Python 3.6和pip3的分步指南

  1. 为Python和ssl安装必要的软件包: $ sudo apt-get install libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev

  2. https://www.python.org/ftp/python/下载“ Python-3.6.8.tar.xz”并将其解压缩到您的主目录中。

  3. 在该目录中打开终端并运行: $ ./configure

  4. 构建并安装: $ sudo make && sudo make install

  5. 使用以下方法安装软件包: $ pip3 install package_name

Step by step guide to install Python 3.6 and pip3 in Ubuntu

  1. Install the necessary packages for Python and ssl: $ sudo apt-get install libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev

  2. Download and unzip “Python-3.6.8.tar.xz” from https://www.python.org/ftp/python/ into your home directory.

  3. Open terminal in that directory and run: $ ./configure

  4. Build and install: $ make && sudo make install

  5. Install packages with: $ pip3 install package_name

Disclaimer: The above commands are not tested in Ubuntu 20.04 LTS.


回答 1

如果您使用的是Red Hat / CentOS:

# To allow for building python ssl libs
yum install openssl-devel
# Download the source of *any* python version
cd /usr/src
wget https://www.python.org/ftp/python/3.6.2/Python-3.6.2.tar.xz
tar xf Python-3.6.2.tar.xz 
cd Python-3.6.2

# Configure the build w/ your installed libraries
./configure

# Install into /usr/local/bin/python3.6, don't overwrite global python bin
make altinstall

If you are on Red Hat/CentOS:

# To allow for building python ssl libs
yum install openssl-devel
# Download the source of *any* python version
cd /usr/src
wget https://www.python.org/ftp/python/3.6.2/Python-3.6.2.tar.xz
tar xf Python-3.6.2.tar.xz 
cd Python-3.6.2

# Configure the build w/ your installed libraries
./configure

# Install into /usr/local/bin/python3.6, don't overwrite global python bin
make altinstall

回答 2

如果您使用Windows并使用anaconda,则对我有用

我尝试了许多其他无效的解决方案(环境PATH变量更改…)

该问题可能是由其他软件放置在Windows \ System32文件夹中的DLL(例如libcrypto-1_1-x64.dll或libssl-1_1-x64.dll或其他)引起的。

该修补程序是从https://slproweb.com/products/Win32OpenSSL.html安装openSSL的,它将dll替换为较新的版本。

If you are on Windows and use anaconda this worked for me:

I tried a lot of other solutions which did not work (Environment PATH Variable changes …)

The problem can be caused by DLLs in the Windows\System32 folder (e.g. libcrypto-1_1-x64.dll or libssl-1_1-x64.dll or others) placed there by other software.

The fix was installing openSSL from https://slproweb.com/products/Win32OpenSSL.html which replaces the dlls by more recent versions.


回答 3

我在OSX 10.11上遇到了类似的问题,原因是安装了memcached,它在3.6之上安装了python 3.7。

警告:pip配置了需要TLS / SSL的位置,但是Python中的ssl模块不可用。

花了几个小时取消openssl的链接,重新安装,更改路径..无济于事。将openssl版本从改回较旧的版本可以达到目的:

brew switch openssl 1.0.2e

我在互联网上的任何地方都没有看到这个建议。希望它能为某人服务。

I had a similar problem on OSX 10.11 due to installing memcached which installed python 3.7 on top of 3.6.

WARNING: pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.

Spent hours on unlinking openssl, reinstalling, changing paths.. and nothing helped. Changing openssl version back from to older version did the trick:

brew switch openssl 1.0.2e

I did not see this suggestion anywhere in internet. Hope it serves someone.


回答 4

同意mastaBlasta的回答。为我工作。我遇到了与主题描述相同的问题。

环境:MacOS Sierra。我用自制的。

我的解决方案:

  1. 通过以下方式重新安装openssl brew uninstall openssl; brew install openssl
  2. 根据Homebrew提供的提示,执行以下操作:

    echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile
    export LDFLAGS="-L/usr/local/opt/openssl/lib"
    export CPPFLAGS="-I/usr/local/opt/openssl/include"

Agree with the answer by mastaBlasta. Worked for me. I encountered the same problem as the topic description.

Environment: MacOS Sierra. And I use Homebrew.

My solution:

  1. Reinstall openssl by brew uninstall openssl; brew install openssl
  2. According to the hints given by Homebrew, do the following:

    echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' >> ~/.bash_profile
    export LDFLAGS="-L/usr/local/opt/openssl/lib"
    export CPPFLAGS="-I/usr/local/opt/openssl/include"
    

回答 5

在Ubuntu中,这可以帮助:

cd Python-3.6.2
./configure --with-ssl
make
sudo make install

In Ubuntu, this can help:

cd Python-3.6.2
./configure --with-ssl
make
sudo make install

回答 6

降级openssl对我有用

brew switch openssl 1.0.2s

Downgrading openssl worked for me,

brew switch openssl 1.0.2s

回答 7

该问题可能是由于缺少库引起的。

在安装python 3.6之前,请确保已安装python所需的所有库。

$ sudo apt-get install build-essential checkinstall 
$ sudo apt-get install libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev

有关如何在Ubuntu和LinuxMint上安装Python 3.6.0的更多信息

The problem probably caused by library missing.

Before you install python 3.6, make sure you install all the libraries required for python.

$ sudo apt-get install build-essential checkinstall 
$ sudo apt-get install libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev

More information in How to Install Python 3.6.0 on Ubuntu & LinuxMint


回答 8

如果您在OSX上并且已经从源代码编译了python:

使用brew安装openssl brew install openssl

确保遵循brew给您的有关设置CPPFLAGS和的说明LDFLAGS。就我而言,我使用的是openssl@1.1brew公式,并且在python构建过程中需要以下3个设置才能正确链接到我的SSL库:

export LDFLAGS="-L/usr/local/opt/openssl@1.1/lib"
export CPPFLAGS="-I/usr/local/opt/openssl@1.1/include"
export PKG_CONFIG_PATH="/usr/local/opt/openssl@1.1/lib/pkgconfig"

假设库安装在该位置。

If you are on OSX and have compiled python from source:

Install openssl using brew brew install openssl

Make sure to follow the instructions brew gives you about setting your CPPFLAGS and LDFLAGS. In my case I am using the openssl@1.1 brew formula and I need these 3 settings for the python build process to correctly link to my SSL library:

export LDFLAGS="-L/usr/local/opt/openssl@1.1/lib"
export CPPFLAGS="-I/usr/local/opt/openssl@1.1/include"
export PKG_CONFIG_PATH="/usr/local/opt/openssl@1.1/lib/pkgconfig"

Assuming the library is installed at that location.


回答 9

我在Windows 10上遇到了同样的问题。我的非常具体的问题是由于安装了Anaconda。我安装了Anaconda并在路径下Path/to/Anaconda3/出现了python.exe。因此,我完全没有安装python,因为Anaconda包含python。使用pip安装软件包时,我发现了相同的错误报告pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.

解决方案如下:

1)您可以在官方网站上再次下载python

2)导航到目录 "Python 3.7 (64-bit).lnk"位于

3)import sslexit()

4)例如输入cmd "Python 3.7 (64-bit).lnk" -m pip install tensorflow

在这里,您都准备好了。

I encountered the same problem on windows 10. My very specific issue is due to my installation of Anaconda. I installed Anaconda and under the path Path/to/Anaconda3/, there comes the python.exe. Thus, I didn’t install python at all because Anaconda includes python. When using pip to install packages, I found the same error report, pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available..

The solution was the following:

1) you can download python again on the official website;

2) Navigate to the directory where "Python 3.7 (64-bit).lnk"is located

3) import ssl and exit()

4) type in cmd, "Python 3.7 (64-bit).lnk" -m pip install tensorflow for instance.

Here, you’re all set.


回答 10

如果您使用的是Windows和使用Anaconda你可以尝试在Python提示符,而非cmd.exe运行“PIP安装…”命令,为用户willliu1995表明这里。对于我来说,这是最快的解决方案,不需要安装其他组件。

If you are on Windows and use Anaconda you can try running “pip install …” command in Anaconda Prompt instead of cmd.exe, as user willliu1995 suggests here. This was the fastest solution for me, that does not require installation of additional components.


回答 11

我尝试了很多方法来解决此问题,但都没有解决。我目前在Windows 10上。

唯一有效的是:

  • 卸载Anaconda
  • 卸载Python(我使用的是版本3.7.3)
  • 再次安装Python(请记住选择自动添加到PATH的选项)

然后,我使用PIP下载了我需要的所有库…并开始工作!

不知道为什么,或者问题是否与水蟒有关。

I tried A LOT of ways to solve this problem and none solved. I’m currently on Windows 10.

The only thing that worked was:

  • Uninstall Anaconda
  • Uninstall Python (i was using version 3.7.3)
  • Install Python again (remember to check the option to automatically add to PATH)

Then I’ve downloaded all the libs I needed using PIP… and worked!

Don’t know why, or if the problem was somehow related to Anaconda.


回答 12

对于osx brew用户

我的问题似乎与我的python安装有关,并且通过重新安装python3和pip很快得到解决。我认为它在操作系统更新后开始出现异常,但是谁知道(目前我在Mac OS 10.14.6上)

brew reinstall python3 --force
# setup pip
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python3 get-pip.py
# installa pkg successfully 
pip install pandas

for osx brew users

my issue appeared related to my python installation and was quickly resolved by re-installing python3 and pip. i think it started misbehaving after an OS update but who knows (at this time I am on Mac OS 10.14.6)

brew reinstall python3 --force
# setup pip
curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py
python3 get-pip.py
# installa pkg successfully 
pip install pandas

回答 13

您可以执行以下两个操作之一:

  1. 在安装Anaconda时,选择将Anaconda添加到path的选项。

要么

  1. 从Anaconda的安装文件夹中找到这些(完整)路径,并将它们添加到环境变量中

\ Anaconda

\ Anaconda \ Library \ mingw-w64 \ bin

\ Anaconda \ Library \ usr \ bin

\ Anaconda \ Library \ bin

\ Anaconda \脚本

\ anaconda \ Library

\ anaconda \ condabin

将以上路径添加到“ Path”系统变量中,它应该不再显示错误:)

You can do either of these two:

  1. While installing Anaconda, select the option to add Anaconda to the path.

or

  1. Find these (complete) paths from your installation folder of Anaconda and add them to the environment variable :

\Anaconda

\Anaconda\Library\mingw-w64\bin

\Anaconda\Library\usr\bin

\Anaconda\Library\bin

\Anaconda\Scripts

\anaconda\Library

\anaconda\condabin

Add the above paths to the “Path” system variable and it should show the error no more :)


回答 14

我遇到了同样的问题,可以通过以下步骤解决:

sudo yum install -y libffi-devel
sudo yum install openssl-devel
cd /usr/src
sudo wget https://www.python.org/ftp/python/3.7.1/Python-3.7.1.tar.xz
sudo tar xf Python-3.7.1.tar.xz
cd Python-3.7.1
sudo ./configure --enable-optimizations
# Install into /usr/local/bin/python3.7, don't overwrite global python bin
sudo make altinstall

根据烫发的不同,您可能不需要sudo。

Results:
Collecting setuptools
Collecting pip
Installing collected packages: setuptools, pip
Successfully installed pip-10.0.1 setuptools-39.0.1

现在应该可以运行了

python3.7 -V 

pip3.7 -V

安装软件包时:

pip3.7 install pandas

或根据权限,还可以添加–user标志,如下所示:

pip3.7 install pandas --user

I was having the same issue and was able to resolve with the following steps:

sudo yum install -y libffi-devel
sudo yum install openssl-devel
cd /usr/src
sudo wget https://www.python.org/ftp/python/3.7.1/Python-3.7.1.tar.xz
sudo tar xf Python-3.7.1.tar.xz
cd Python-3.7.1
sudo ./configure --enable-optimizations
# Install into /usr/local/bin/python3.7, don't overwrite global python bin
sudo make altinstall

depending on perms, you may not need sudo.

Results:
Collecting setuptools
Collecting pip
Installing collected packages: setuptools, pip
Successfully installed pip-10.0.1 setuptools-39.0.1

should now be able to run

python3.7 -V 

and

pip3.7 -V

When installing packages:

pip3.7 install pandas

or depending on perms, you can also add the –user flag like so:

pip3.7 install pandas --user

回答 15

ssl模块是TLS / SSL包装器,用于访问Operation Sytem(OS)套接字(Lib / ssl.py)。因此,当ssl模块不可用时,很可能您没有安装OS OpenSSL库,或者在安装Python时找不到这些库。假设是一种较晚的情况(又名:您已经安装了OpenSSL,但是在安装Python时未正确链接它们)。

我还将假设您是从源代码安装的。如果要从二进制文件(即Window .exe文件)或软件包(Mac .dmg或Ubuntu apt)进行安装,则安装过程将无济于事。

在配置python安装的步骤中,您需要指定OS OpenSSL用于链接的位置:

# python 3.8 beta
./configure --with-openssl="your_OpenSSL root"

那么,在哪里可以找到已安装的OpenSSL目录?

# ubuntu 
locate ssl.h | grep '/openssl/ssl.h'

/home/user/.linuxbrew/Cellar/openssl/1.0.2r/include/openssl/ssl.h
/home/user/envs/py37/include/openssl/ssl.h
/home/user/miniconda3/envs/py38b3/include/openssl/ssl.h
/home/user/miniconda3/include/openssl/ssl.h
/home/user/miniconda3/pkgs/openssl-1.0.2s-h7b6447c_0/include/openssl/ssl.h
/home/user/miniconda3/pkgs/openssl-1.1.1b-h7b6447c_1/include/openssl/ssl.h
/home/user/miniconda3/pkgs/openssl-1.1.1c-h7b6447c_1/include/openssl/ssl.h
/usr/include/openssl/ssl.h

您的系统可能与我的系统不同,但是正如您在此处看到的,我安装了许多不同的openssl库。在撰写本文时,python 3.8期望openssl 1.0.2或1.1:

Python需要具有X509_VERIFY_PARAM_set1_host()的OpenSSL 1.0.2或1.1兼容libssl。

因此,您将需要验证可用于链接的已安装库中的哪一个,例如

/usr/bin/openssl version

OpenSSL 1.0.2g  1 Mar 2016
./configure --with-openssl="/usr"
make && make install

您可能需要尝试一些或安装新的库,以找到适用于您的Python和OS的库。

The ssl module is a TLS/SSL wrapper for accessing Operation Sytem (OS) socket (Lib/ssl.py). So when ssl module is not available, chances are that you either don’t have OS OpenSSL libraries installed, or those libraries were not found when you install Python. Let assume it is a later case (aka: you already have OpenSSL installed, but they are not correctly linked when installing Python).

I will also assume you are installing from source. If you are installing from binary (ie: Window .exe file), or package (Mac .dmg, or Ubuntu apt), there is not much you can do with the installing process.

During the step of configuring your python installation, you need to specify where the OS OpenSSL will be used for linking:

# python 3.8 beta
./configure --with-openssl="your_OpenSSL root"

So where will you find your installed OpenSSL directory?

# ubuntu 
locate ssl.h | grep '/openssl/ssl.h'

/home/user/.linuxbrew/Cellar/openssl/1.0.2r/include/openssl/ssl.h
/home/user/envs/py37/include/openssl/ssl.h
/home/user/miniconda3/envs/py38b3/include/openssl/ssl.h
/home/user/miniconda3/include/openssl/ssl.h
/home/user/miniconda3/pkgs/openssl-1.0.2s-h7b6447c_0/include/openssl/ssl.h
/home/user/miniconda3/pkgs/openssl-1.1.1b-h7b6447c_1/include/openssl/ssl.h
/home/user/miniconda3/pkgs/openssl-1.1.1c-h7b6447c_1/include/openssl/ssl.h
/usr/include/openssl/ssl.h

Your system may be different than mine, but as you see here I have many different installed openssl libraries. As the time of this writing, python 3.8 expects openssl 1.0.2 or 1.1:

Python requires an OpenSSL 1.0.2 or 1.1 compatible libssl with X509_VERIFY_PARAM_set1_host().

So you would need to verify which of those installed libraries that you can use for linking, for example

/usr/bin/openssl version

OpenSSL 1.0.2g  1 Mar 2016
./configure --with-openssl="/usr"
make && make install

You may need to try a few, or install a new, to find the library that would work for your Python and your OS.


回答 16

在使用Mac的情况下,我删除了 /Applications/Python 3.7。因为我已经有了Python3.7brew install python3

但这是信息的触发

pip配置了需要TLS / SSL的位置,但是Python中的ssl模块不可用。

我在情况下所做的

  1. 我再次下载了macOS 64位安装程序,并进行了安装。
  2. 双击/Applications/Python3.6/Install Certificates.command/Applications/Python3.6/Update Shell Profile.command
  3. 重新启动Mac
  4. 我不确定但可能对成功有所贡献pip.conf。请参阅pip安装失败

In my case with using Mac, I deleted /Applications/Python 3.7. because I already had Python3.7 by brew install python3 .

But it was a trigger of the message

pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.

What I did in my situation

  1. I downloaded macOS 64-bit installer again, and installed.
  2. Double click /Applications/Python3.6/Install Certificates.command and /Applications/Python3.6/Update Shell Profile.command.
  3. Reboot mac
  4. And I am not sure but possibly contributed to succeed is pip.conf. See pip install fails.

回答 17

我终于解决了这个问题。这些是我的环境的详细信息:
要安装的Python版本:3.6.8
操作系统:Ubuntu 16.04.6 LTS
根访问权限:否

有些人建议安装libssl-dev,但对我而言不起作用。我点击此链接,并对其进行了修复!
简而言之,我下载,提取,构建和安装OpenSSL(openssl-1.1.1b.tar.gz)。然后,我通过该链接修改.bashrc文件。 接下来,我下载并解压缩Python-3.6.8.tgz。我编辑Modules / Setup.dist来修改SSL路径(#211周围的行)。我做了,和。最后,我修改了。请注意,我没有包含在中。
./configure --prefix=$HOME/opt/python-3.6.8makemake install.bashrc--enable-optimizations./configure

I finally solve this issue. These are the detail of my env:
Version of Python to install: 3.6.8
OS: Ubuntu 16.04.6 LTS
Root access: No

Some people suggest to install libssl-dev, but it did not work for me. I follow this link and I fixed it!
In short, I download, extract, build, and install OpenSSL (openssl-1.1.1b.tar.gz). Then, I modify .bashrc file follow this link.
Next, I download and extract Python-3.6.8.tgz. I edit Modules/Setup.dist to modify SSL path (lines around #211). I did ./configure --prefix=$HOME/opt/python-3.6.8, make and make install. Last, I modify my .bashrc. Notice that I do not include --enable-optimizations in ./configure.


回答 18

在macOS上,使用以下命令配置python 3.8.1将解决此问题,我认为它也可以在Linux上运行。

./configure --enable-optimizations --with-openssl=/usr/local/opt/openssl@1.1/

根据您的系统更改dir参数。

On macos, configure python 3.8.1 with the command below will solve the problem, i think it would also work on Linux.

./configure --enable-optimizations --with-openssl=/usr/local/opt/openssl@1.1/

change the dir parameter based on your system.


回答 19

如果您使用的是OSX,以防其他解决方案对您不起作用(就像我一样)。

您可以尝试卸载python3并升级pip3

brew uninstall --ignore-dependencies python3
pip3 install --upgrade pip   

这对我有用;)

If you are on OSX and in case the other solutions didn’t work for you (just like me).

You can try uninstalling python3 and upgrade pip3

brew uninstall --ignore-dependencies python3
pip3 install --upgrade pip   

This worked for me ;)


回答 20

(在Windows上不!)

这使我把头发扯了一个星期,所以我希望这可以帮助某人

除了重新安装Anaconda和/或Jupyter外,我尝试了所有尝试。

建立

  • AWS Linux
  • 手动安装的Anaconda 3-5.3.0
  • Python3(3.7)在anaconda内部运行(即./anaconda3/bin/python
  • 也有/usr/bin/python/usr/bin/python3(但大部分工作在Jupyter的终端做这些没有被使用)

固定

在Jupyter的终端中:

cp /usr/lib64/libssl.so.10 ./anaconda3/lib/libssl.so.1.0.0

cp /usr/lib64/libcrypto.so.10 ./anaconda3/lib/libcrypto.so.1.0.0

是什么触发了这个?

所以,这一切都是有效的,直到我尝试做一个 conda install conda-forge

我不确定发生了什么,但是conda必须已更新 openssl在包装盒上(我猜是这样),所以在此之后,一切都坏了。

基本上,不认得我,畅达了OpenSSL更新,但不知何故,删除旧的图书馆,取而代之的是libssl.so.1.1libcrypto.so.1.1

我猜Python3是为了寻找而编译的 libssl.so.1.0.0

最后,诊断的关键是:

python -c "import ssl; print (ssl.OPENSSL_VERSION)"

给出了线索 library "libssl.so.1.0.0" not found

我做出的巨大假设是yumssl 的版本与conda版本,因此只要重命名共享库就可以了,而且确实如此。

我的另一个解决方案是重新编译python,重新安装anaconda等,但是最后我很高兴我不需要。

希望这可以帮助你们。

(NOT on Windows!)

This made me tear my hair out for a week, so I hope this will help someone

I tried everything short of re-installing Anaconda and/or Jupyter.

Setup

  • AWS Linux
  • Manually installed Anaconda 3-5.3.0
  • Python3 (3.7) was running inside anaconda (ie, ./anaconda3/bin/python)
  • there was also /usr/bin/python and /usr/bin/python3 (but these were not being used as most of the work was done in Jupyter’s terminal)

Fix

In Jupyter’s terminal:

cp /usr/lib64/libssl.so.10 ./anaconda3/lib/libssl.so.1.0.0

cp /usr/lib64/libcrypto.so.10 ./anaconda3/lib/libcrypto.so.1.0.0

What triggered this?

So, this was all working until I tried to do a conda install conda-forge

I’m not sure what happened, but conda must have updated openssl on the box (I’m guessing) so after this, everything broke.

Basically, unknown to me, conda had updated openssl, but somehow deleted the old libraries and replaced it with libssl.so.1.1 and libcrypto.so.1.1.

Python3, I guess, was compiled to look for libssl.so.1.0.0

In the end, the key to diagnosis was this:

python -c "import ssl; print (ssl.OPENSSL_VERSION)"

gave the clue library "libssl.so.1.0.0" not found

The huge assumption I made is that the yum version of ssl is the same as the conda version, so just renaming the shared object might work, and it did.

My other solution was to re-compile python, re-install anaconda, etc, but in the end I’m glad I didn’t need to.

Hope this helps you guys out.


回答 21

pyenv用于管理Mac OS Catalina上的python安装的情况下,我必须先openssl使用brew 安装,然后再运行pyenv install 3.7.8,这似乎是使用opensslfrom homebrew 来构建python安装的(甚至在安装输出中也是如此)。然后pyenv global 3.7.8,我不在了。

In the case of using pyenv to manage python installations on Mac OS Catalina, I had to install openssl with brew first and then after that run pyenv install 3.7.8 which seemed to build the python installation using the openssl from homebrew (it even said as such in the installation output). Then pyenv global 3.7.8 and I was away.


回答 22

我可以通过更新此文件中的python版本来解决此问题。pyenv:未安装版本“ 3.6.5”(由/Users/taruntarun/.python-version设置)尽管我安装了最新版本,但我的命令仍在使用旧版本3.6.5

移至版本3.7.3

I was able to fix this by updating the python version in this file. pyenv: version `3.6.5′ is not installed (set by /Users/taruntarun/.python-version) Though i had the latest version installed, my command was still using old version 3.6.5

Moving to version 3.7.3


回答 23

最近两天我遇到了同样的问题,现在才解决。

我曾试图使用--trust-host与该选项DigiCert_High_Assurance_EV_Root_CA.pem没有工作,我无法安装SSL模块(它告诉它不能被安装Python版本大于2.6),设置$PIP_CERT可变没修好,要么,我不得不libssl1.0.2libssl1.0.0安装。还值得一提的是,我没有~/.pip/pip.conf文件,创建文件也无法解决该错误。

最终解决问题的是make再次安装了python3.6 。从网站上下载的Python-3.6.0.tgz,跑configure那么makemake testmake install。希望对你有效。

I was having the same problem for the last two days and only have fixed it right now.

I had tried to use --trust-host option with the DigiCert_High_Assurance_EV_Root_CA.pem did not work, I couldn’t install the ssl module (It tells it cannot be installed for python versions greater than 2.6), setting the $PIP_CERT variable didn’t fix it either and I had libssl1.0.2 and libssl1.0.0 installed. Also worth mentioning I didn’t had a ~/.pip/pip.conf file, and creating it didn’t solve the bug either.

What finally solved it, was installing python3.6 with make again. Download the Python-3.6.0.tgz from the website, run configure then make, make test and make install. Hope it works for you.


回答 24

Python文档实际上是很明确的,按照指示做了,而其他的答案我发现这里并没有解决这个问题的工作。

  1. 首先,使用例如版本3.6.2 https://www.python.org/ftp/python/3.6.2/Python-3.6.2.tar.xz从源安装python3.xx。

  2. 确保通过运行安装了openssl brew install openssl

  3. 解压缩并移至python目录: tar xvzf Python-3.6.2.tar.xz && cd Python-3.6.2

  4. 然后,如果python版本<3.7,请运行

CPPFLAGS="-I$(brew --prefix openssl)/include" \ LDFLAGS="-L$(brew --prefix openssl)/lib" \ ./configure --with-pydebug 5.最后,运行make -s -j2-s是无声标志,-j2告诉您的计算机使用2个作业)

The python documentation is actually very clear, and following the instructions did the job whereas other answers I found here were not fixing this issue.

  1. first, install python 3.x.x from source using, for example with version 3.6.2 https://www.python.org/ftp/python/3.6.2/Python-3.6.2.tar.xz

  2. make sure you have openssl installed by running brew install openssl

  3. unzip it and move to the python directory: tar xvzf Python-3.6.2.tar.xz && cd Python-3.6.2

  4. then if the python version is < 3.7, run

CPPFLAGS="-I$(brew --prefix openssl)/include" \ LDFLAGS="-L$(brew --prefix openssl)/lib" \ ./configure --with-pydebug 5. finallly, run make -s -j2 (-s is the silent flag, -j2 tells your machine to use 2 jobs)


回答 25

我在尝试在ubuntu14.04机器上安装python3.7时遇到了同样的问题。问题是我在PKG_CONFIG_PATH和LD_LIBRARY_PATH中有一些自定义文件夹,这阻止了python构建过程来找到系统openssl库。

因此,请尝试清除它们并查看会发生什么情况:

export PKG_CONFIG_PATH=""
export LD_LIBRARY_PATH=""

I had the same issue trying to install python3.7 on an ubuntu14.04 machine. The issue was that I had some custom folders in my PKG_CONFIG_PATH and in my LD_LIBRARY_PATH, which prevented the python build process to find the system openssl libraries.

so try to clear them and see what happens:

export PKG_CONFIG_PATH=""
export LD_LIBRARY_PATH=""

回答 26

好的,对此的最新答案是,截至目前,请勿使用Python 3.8,仅使用3.7或更小版本,因为大多数库由于上述错误而无法安装

Ok the latest answer to this, as of now don’t use Python 3.8, use only 3.7 or less , because of most of the libraries fail to install with the above error


使用请求包时发生SSL InsecurePlatform错误

问题:使用请求包时发生SSL InsecurePlatform错误

我正在使用Python 2.7.3和请求。我通过pip安装了Requests。我相信这是最新版本。我正在Debian Wheezy上运行。

过去,我已经使用Requests很多次了,但是从未遇到过这个问题,但是当Requests我发出https请求时,似乎出现了InsecurePlatform异常。

错误提到urllib3,但我没有安装。我确实安装了它以检查它是否解决了错误,但是没有成功。

/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3
/util/ssl_.py:79: InsecurePlatformWarning: A true SSLContext object is not
available. This prevents urllib3 from configuring SSL appropriately and 
may cause certain SSL connections to fail. For more information, see 
https://urllib3.readthedocs.org/en/latest  
/security.html#insecureplatformwarning.

关于我为什么要得到这个的任何想法?我已经按照错误消息中的说明检查了文档,但是文档说要导入urllib3并禁用警告或提供证书。

Im using Python 2.7.3 and Requests. I installed Requests via pip. I believe it’s the latest version. I’m running on Debian Wheezy.

I’ve used Requests lots of times in the past and never faced this issue, but it seems that when making https requests with Requests I get an InsecurePlatform exception.

The error mentions urllib3, but I don’t have that installed. I did install it to check if it resolved the error, but it didn’t.

/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3
/util/ssl_.py:79: InsecurePlatformWarning: A true SSLContext object is not
available. This prevents urllib3 from configuring SSL appropriately and 
may cause certain SSL connections to fail. For more information, see 
https://urllib3.readthedocs.org/en/latest  
/security.html#insecureplatformwarning.

Any ideas as to why I’m getting this? I’ve checked the docs, as specified in the error message, but the docs are saying to import urllib3 and either disable the warning, or provide a certificate.


回答 0

使用有些隐藏的安全功能:

pip install requests[security] 要么 pip install pyOpenSSL ndg-httpsclient pyasn1

这两个命令都安装以下额外的软件包:

  • pyOpenSSL
  • 密码学
  • 艾德娜

请注意,这对于python-2.7.9 +不是必需的。

如果pip install失败并显示错误,请检查您是否具有必需的开发包libffilibssl使用发行版的包管理器将其python安装在系统中:

  • Debian的 / Ubuntu的python-dev libffi-dev libssl-dev包。

  • Fedora的openssl-devel python-devel libffi-devel包。

上面的发行列表不完整。

解决方法请参阅@TomDotTom的原始答案

万一您无法安装某些必需的开发包,还有一个选项可以禁用该警告:

import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()

如果您pip自己受到InsecurePlatformWarningPyPI的影响并且无法从PyPI安装任何东西,则可以通过此分步指南进行修复,以手动部署其他python软件包。

Use the somewhat hidden security feature:

pip install requests[security] or pip install pyOpenSSL ndg-httpsclient pyasn1

Both commands install following extra packages:

  • pyOpenSSL
  • cryptography
  • idna

Please note that this is not required for python-2.7.9+.

If pip install fails with errors, check whether you have required development packages for libffi, libssl and python installed in your system using distribution’s package manager:

  • Debian/Ubuntupython-dev libffi-dev libssl-dev packages.

  • Fedoraopenssl-devel python-devel libffi-devel packages.

Distro list above is incomplete.

Workaround (see the original answer by @TomDotTom):

In case you cannot install some of the required development packages, there’s also an option to disable that warning:

import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()

If your pip itself is affected by InsecurePlatformWarning and cannot install anything from PyPI, it can be fixed with this step-by-step guide to deploy extra python packages manually.


回答 1

在2.6版之前,Requests 2.6针对python的用户引入了此警告,仅提供了可用的SSL模块。

假设您无法升级到新版本的python,这将安装更多最新的python SSL库:

pip install --upgrade ndg-httpsclient 

但是,在某些没有pyOpenSSL的构建依赖性的系统上,这可能会失败。在debian系统上,在上面的pip命令之前运行此命令足以使pyOpenSSL构建:

apt-get install python-dev libffi-dev libssl-dev

Requests 2.6 introduced this warning for users of python prior to 2.7.9 with only stock SSL modules available.

Assuming you can’t upgrade to a newer version of python, this will install more up-to-date python SSL libraries:

pip install --upgrade ndg-httpsclient 

HOWEVER, this may fail on some systems without the build-dependencies for pyOpenSSL. On debian systems, running this before the pip command above should be enough for pyOpenSSL to build:

apt-get install python-dev libffi-dev libssl-dev

回答 2

我不会在生产中使用它,只是一些测试跑步者。并重申urllib3文档

如果您知道自己在做什么,并想禁用此​​警告和其他警告

import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()

编辑/更新:

以下内容也应该起作用:

import logging
import requests

# turn down requests log verbosity
logging.getLogger('requests').setLevel(logging.CRITICAL)

I don’t use this in production, just some test runners. And to reiterate the urllib3 documentation

If you know what you are doing and would like to disable this and other warnings

import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()

Edit / Update:

The following should also work:

import logging
import requests

# turn down requests log verbosity
logging.getLogger('requests').setLevel(logging.CRITICAL)

回答 3

如果您无法将Python版本升级到2.7.9,并希望禁止显示警告,

您可以将“请求”版本降级为2.5.3:

sudo pip install requests==2.5.3

关于版本:http : //fossies.org/diffs/requests/2.5.3_vs_2.6.0/requests/packages/urllib3/util/ssl_.py-diff.html

If you are not able to upgrade your Python version to 2.7.9, and want to suppress warnings,

you can downgrade your ‘requests’ version to 2.5.3:

sudo pip install requests==2.5.3

About version: http://fossies.org/diffs/requests/2.5.3_vs_2.6.0/requests/packages/urllib3/util/ssl_.py-diff.html


回答 4

实际上,您可以尝试一下。

requests.post("https://www.google.com", verify=False)

您可以阅读请求代码。

"C:\Python27\Lib\site-packages\requests\sessions.py"

class Session(SessionRedirectMixin):
......
 def request(self, method, url,
    params=None,
    data=None,
    headers=None,
    cookies=None,
    files=None,
    auth=None,
    timeout=None,
    allow_redirects=True,
    proxies=None,
    hooks=None,
    stream=None,
    verify=None,  # <========
    cert=None):
    """
    ...
    :param verify: (optional) if True, the SSL cert will be verified.
         A CA_BUNDLE path can also be provided.
    ...
    """

In fact, you can try this.

requests.post("https://www.google.com", verify=False)

you can read the code for requests.

"C:\Python27\Lib\site-packages\requests\sessions.py"

class Session(SessionRedirectMixin):
......
 def request(self, method, url,
    params=None,
    data=None,
    headers=None,
    cookies=None,
    files=None,
    auth=None,
    timeout=None,
    allow_redirects=True,
    proxies=None,
    hooks=None,
    stream=None,
    verify=None,  # <========
    cert=None):
    """
    ...
    :param verify: (optional) if True, the SSL cert will be verified.
         A CA_BUNDLE path can also be provided.
    ...
    """

回答 5

这里给出的所有解决方案都没有帮助(我仅限于python 2.6.6)。我在一个简单的开关中找到了要传递给pip的答案:

$ sudo pip install --trusted-host pypi.python.org <module_name>

这告诉pip,可以从pypi.python.org抓取模块。

对我来说,问题是防火墙后的我公司的代理服务器,使它看起来像某些服务器的恶意客户端。万岁安全。


更新:有关PyPi域中的更改以及可以添加的其他选项,请参见@Alex 的 答案--trusted-host。(我将在此处复制/粘贴,但是他的回答是,所以+1)

All of the solutions given here haven’t helped (I’m constrained to python 2.6.6). I’ve found the answer in a simple switch to pass to pip:

$ sudo pip install --trusted-host pypi.python.org <module_name>

This tells pip that it’s OK to grab the module from pypi.python.org.

For me, the issue is my company’s proxy behind it’s firewall that makes it look like a malicious client to some servers. Hooray security.


Update: See @Alex ‘s answer for changes in the PyPi domains, and additional --trusted-host options that can be added. (I’d copy/paste here, but his answer, so +1 him)


回答 6

这个答案无关紧要,但是如果您想摆脱警告并从请求中获得以下警告:

InsecurePlatformWarning /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:79: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.

您可以通过将以下行添加到python代码中来禁用它:

requests.packages.urllib3.disable_warnings()

This answer is unrelated, but if you wanted to get rid of warning and get following warning from requests:

InsecurePlatformWarning /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:79: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.

You can disable it by adding the following line to your python code:

requests.packages.urllib3.disable_warnings()


回答 7

我必须先去bash(从ZSH)。然后

sudo -H pip install 'requests[security]' --upgrade

解决了问题。

I had to go to bash (from ZSH) first. Then

sudo -H pip install 'requests[security]' --upgrade

fixed the problem.


回答 8

过去的一周来了,我在Ubuntu 14.04(与Python 2.7.6),我做了之后apt-get dist-upgrade,包括libssl1.1:amd64deb.sury.org

由于我是certbot-auto renew来自Cron作业,因此我也使用--no-self-upgrade来减少计划外的维护。这似乎是麻烦的根源。

要解决该错误,我所需要做的就是成为root用户(使用su--login开关),然后certbot-auto进行自我升级。即:

sudo su --login
/usr/local/bin/certbot-auto renew 
# ... Upgrading certbot-auto 0.8.1 to 0.18.2... blah blah blah ...

而不是通常从root的crontab运行的内容:

5 7 * * * /usr/local/bin/certbot-auto renew --quiet --no-self-upgrade

之后,letsencrypt renwals再次正常运行。

This came up for me on Ubuntu 14.04 (with Python 2.7.6) last week after i did a apt-get dist-upgrade that included libssl1.1:amd64 from deb.sury.org.

Since I run certbot-auto renew from a cron job, I also use the --no-self-upgrade to cut down on unscheduled maintenance. This seems to have been the source of the trouble.

To fix the error, all I needed to do was become root (with su‘s --login switch) and let certbot-auto upgrade itself. I.e:

sudo su --login
/usr/local/bin/certbot-auto renew 
# ... Upgrading certbot-auto 0.8.1 to 0.18.2... blah blah blah ...

instead of what normally runs from root’s crontab:

5 7 * * * /usr/local/bin/certbot-auto renew --quiet --no-self-upgrade

After that, letsencrypt renwals ran normally once again.


回答 9

对我来说没有工作,我需要升级点…。

Debian / Ubuntu

安装依赖

sudo apt-get install libpython-dev libssl-dev libffi-dev

升级pip并安装软件包

sudo pip install -U pip
sudo pip install -U pyopenssl ndg-httpsclient pyasn1

如果要删除依赖项

sudo apt-get remove --purge libpython-dev libssl-dev libffi-dev
sudo apt-get autoremove

For me no work i need upgrade pip….

Debian/Ubuntu

install dependencies

sudo apt-get install libpython-dev libssl-dev libffi-dev

upgrade pip and install packages

sudo pip install -U pip
sudo pip install -U pyopenssl ndg-httpsclient pyasn1

If you want remove dependencies

sudo apt-get remove --purge libpython-dev libssl-dev libffi-dev
sudo apt-get autoremove

回答 10

我在CentOS 5服务器上遇到了类似的问题,在较旧版本的python2.7之上的/ usr / local中安装了python 2.7.12。目前尚无法在此服务器上升级到CentOS 6或7。

某些python 2.7模块仍旧存在于较早版本的python中,但是pip升级失败,因为CentOS 5软件包不支持较新的加密软件包。

具体来说,“ pip安装请求[安全]”失败了,因为CentOS 5上的openssl版本是0.9.8e,而加密> 1.4.0不再支持。

为了解决OP的原始问题,我做到了:

1) pip install 'cryptography<1.3.5,>1.3.0'.  

此安装的加密技术1.3.4可与openssl-0.9.8e一起使用。cryptograpy 1.3.4也足以满足以下命令的要求。

2) pip install 'requests[security]'

现在安装此命令,因为它不会尝试安装> 1.4.0的密码。

请注意,在Centos 5上,我还需要:

yum install openssl-devel

允许建立密码

I just had a similar issue on a CentOS 5 server where I installed python 2.7.12 in /usr/local on top of a much older version of python2.7. Upgrading to CentOS 6 or 7 isn’t an option on this server right now.

Some of the python 2.7 modules were still existing from the older version of python, but pip was failing to upgrade because the newer cryptography package is not supported by the CentOS 5 packages.

Specifically, ‘pip install requests[security]’ was failing because the openssl version on the CentOS 5 was 0.9.8e which is no longer supported by cryptography > 1.4.0.

To solve the OPs original issue I did:

1) pip install 'cryptography<1.3.5,>1.3.0'.  

This installed cryptography 1.3.4 which works with openssl-0.9.8e. cryptograpy 1.3.4 is also sufficient to satisfy the requirement for the following command.

2) pip install 'requests[security]'

This command now installs because it doesn’t try to install cryptography > 1.4.0.

Note that on Centos 5 I also needed to:

yum install openssl-devel

To allow cryptography to build


回答 11

下面是它在Python 3.6上对我的工作方式:

import requests
import urllib3

# Suppress InsecureRequestWarning: Unverified HTTPS
urllib3.disable_warnings()

Below is how it’s working for me on Python 3.6:

import requests
import urllib3

# Suppress InsecureRequestWarning: Unverified HTTPS
urllib3.disable_warnings()

回答 12

不要安装pyOpenSSL,因为它将很快被弃用。目前最好的方法是-

import requests
requests.packages.urllib3.disable_warnings()

Dont install pyOpenSSL as it shall soon be deprecated. Current best approach is-

import requests
requests.packages.urllib3.disable_warnings()

回答 13

如果您只想停止不安全的警告,例如:

/usr/lib/python3/dist-packages/urllib3/connectionpool.py:794:InsecureRequestWarning:发出未经验证的HTTPS请求。强烈建议添加证书验证。请参阅: https: //urllib3.readthedocs.org/en/latest/security.html InsecureRequestWarning)

做:

requests.METHOD("https://www.google.com", verify=False)

验证=假

是关键,以下方面并不擅长:

requests.packages.urllib3.disable_warnings()

要么

urllib3.disable_warnings()

但是,您必须知道,这可能会导致潜在的安全风险

if you just want to stopping insecure warning like:

/usr/lib/python3/dist-packages/urllib3/connectionpool.py:794: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html InsecureRequestWarning)

do:

requests.METHOD("https://www.google.com", verify=False)

verify=False

is the key, followings are not good at it:

requests.packages.urllib3.disable_warnings()

or

urllib3.disable_warnings()

but, you HAVE TO know, that might cause potential security risks.


回答 14


Mac
Pycharm社区版2019.3
Python解释器3.6 遇到相同的问题。
用20.0.2升级点对我有用。
Pycharm --> Preferences --> Project Interpreter --> click on pip --> specify version 20.0.2 --> Install package

I had same problem with
Mac
Pycharm community edition 2019.3
Python interpreter 3.6.
Upgrading pip with 20.0.2 worked for me.
Pycharm --> Preferences --> Project Interpreter --> click on pip --> specify version 20.0.2 --> Install package


Python请求抛出SSLError

问题:Python请求抛出SSLError

我正在研究一个简单的脚本,涉及CAS,jspring安全检查,重定向等。我想使用Kenneth Reitz的python请求,因为这是一项很棒的工作!但是,CAS需要通过SSL进行验证,因此我必须首先通过该步骤。我不知道想要什么Python请求吗?该SSL证书应该存放在哪里?

Traceback (most recent call last):
  File "./test.py", line 24, in <module>
  response = requests.get(url1, headers=headers)
  File "build/bdist.linux-x86_64/egg/requests/api.py", line 52, in get
  File "build/bdist.linux-x86_64/egg/requests/api.py", line 40, in request
  File "build/bdist.linux-x86_64/egg/requests/sessions.py", line 209, in request 
  File "build/bdist.linux-x86_64/egg/requests/models.py", line 624, in send
  File "build/bdist.linux-x86_64/egg/requests/models.py", line 300, in _build_response
  File "build/bdist.linux-x86_64/egg/requests/models.py", line 611, in send
requests.exceptions.SSLError: [Errno 1] _ssl.c:503: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I’m working on a simple script that involves CAS, jspring security check, redirection, etc. I would like to use Kenneth Reitz’s python requests because it’s a great piece of work! However, CAS requires getting validated via SSL so I have to get past that step first. I don’t know what Python requests is wanting? Where is this SSL certificate supposed to reside?

Traceback (most recent call last):
  File "./test.py", line 24, in <module>
  response = requests.get(url1, headers=headers)
  File "build/bdist.linux-x86_64/egg/requests/api.py", line 52, in get
  File "build/bdist.linux-x86_64/egg/requests/api.py", line 40, in request
  File "build/bdist.linux-x86_64/egg/requests/sessions.py", line 209, in request 
  File "build/bdist.linux-x86_64/egg/requests/models.py", line 624, in send
  File "build/bdist.linux-x86_64/egg/requests/models.py", line 300, in _build_response
  File "build/bdist.linux-x86_64/egg/requests/models.py", line 611, in send
requests.exceptions.SSLError: [Errno 1] _ssl.c:503: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

回答 0

您遇到的问题是由不受信任的SSL证书引起的。

就像之前评论中提到的@dirk一样,最快的解决方法是设置verify=False

requests.get('https://example.com', verify=False)

请注意,这将导致证书不被验证。这会使您的应用程序面临安全风险,例如中间人攻击。

当然要运用判断力。正如在评论中提到的,这可能是为快速/一次性应用程序/脚本可以接受的,但真的不应该去制作软件

如果在特定情况下仅跳过证书检查是不可接受的,请考虑以下选项,最好的选择是将verify参数设置为字符串,该字符串是.pem证书文件的路径(应通过某种安全方法获取该字符串)手段)。

因此,从2.0版开始,该verify参数接受以下值及其各自的语义:

  • True:使证书根据库自身的可信证书颁发机构进行验证(注意:您可以通过Certifi库查看哪些根证书请求使用,Certifi库是从Requests:Certifi-Human Trust Database中提取的RC的信任数据库)。
  • False完全绕过证书验证。
  • CA_BUNDLE文件的路径,供请求用于验证证书。

来源:请求-SSL证书验证

还要看一下cert同一链接上的参数。

The problem you are having is caused by an untrusted SSL certificate.

Like @dirk mentioned in a previous comment, the quickest fix is setting verify=False:

requests.get('https://example.com', verify=False)

Please note that this will cause the certificate not to be verified. This will expose your application to security risks, such as man-in-the-middle attacks.

Of course, apply judgment. As mentioned in the comments, this may be acceptable for quick/throwaway applications/scripts, but really should not go to production software.

If just skipping the certificate check is not acceptable in your particular context, consider the following options, your best option is to set the verify parameter to a string that is the path of the .pem file of the certificate (which you should obtain by some sort of secure means).

So, as of version 2.0, the verify parameter accepts the following values, with their respective semantics:

  • True: causes the certificate to validated against the library’s own trusted certificate authorities (Note: you can see which Root Certificates Requests uses via the Certifi library, a trust database of RCs extracted from Requests: Certifi – Trust Database for Humans).
  • False: bypasses certificate validation completely.
  • Path to a CA_BUNDLE file for Requests to use to validate the certificates.

Source: Requests – SSL Cert Verification

Also take a look at the cert parameter on the same link.


回答 1

关于SSL验证的请求文档中

就像网络浏览器一样,请求可以验证HTTPS请求的SSL证书。要检查主机的SSL证书,可以使用verify参数:

>>> requests.get('https://kennethreitz.com', verify=True)

如果您不想验证自己的SSL证书,请输入 verify=False

From requests documentation on SSL verification:

Requests can verify SSL certificates for HTTPS requests, just like a web browser. To check a host’s SSL certificate, you can use the verify argument:

>>> requests.get('https://kennethreitz.com', verify=True)

If you don’t want to verify your SSL certificate, make verify=False


回答 2

要使用的CA文件名可以通过以下方式传递verify

cafile = 'cacert.pem' # http://curl.haxx.se/ca/cacert.pem
r = requests.get(url, verify=cafile)

如果使用,verify=Truerequests使用它自己的CA集,该CA集可能没有用于签署服务器证书的CA。

The name of CA file to use you could pass via verify:

cafile = 'cacert.pem' # http://curl.haxx.se/ca/cacert.pem
r = requests.get(url, verify=cafile)

If you use verify=True then requests uses its own CA set that might not have CA that signed your server certificate.


回答 3

$ pip install -U requests[security]

  • 已在Python 2.7.6 @ Ubuntu 14.04.4 LTS上测试
  • 在Python 2.7.5 @ MacOSX 10.9.5(Mavericks)上测试

打开此问题时(2012-05),请求版本为0.13.1。在版本2.4.1(2014-09)上,引入了“安全”附加功能,并使用certifi软件包(如果有)。

目前(2016-09)主版本为2.11.1,如果没有 ,则可以正常使用verify=False。无需使用requests.get(url, verify=False),如果已安装requests[security]其他功能。

$ pip install -U requests[security]

  • Tested on Python 2.7.6 @ Ubuntu 14.04.4 LTS
  • Tested on Python 2.7.5 @ MacOSX 10.9.5 (Mavericks)

When this question was opened (2012-05) the Requests version was 0.13.1. On version 2.4.1 (2014-09) the “security” extras were introduced, using certifi package if available.

Right now (2016-09) the main version is 2.11.1, that works good without verify=False. No need to use requests.get(url, verify=False), if installed with requests[security] extras.


回答 4

使用aws boto3时遇到相同的问题,并且ssl证书验证失败的问题,通过查看boto3代码,我发现REQUESTS_CA_BUNDLE未设置,因此我通过手动设置解决了这两个问题:

from boto3.session import Session
import os

# debian
os.environ['REQUESTS_CA_BUNDLE'] = os.path.join(
    '/etc/ssl/certs/',
    'ca-certificates.crt')
# centos
#   'ca-bundle.crt')

对于aws-cli,我想将REQUESTS_CA_BUNDLE设置为~/.bashrc可以解决此问题(未经测试,因为我的aws-cli没有它就可以工作)。

REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt # ca-bundle.crt
export REQUESTS_CA_BUNDLE

I encountered the same issue and ssl certificate verify failed issue when using aws boto3, by review boto3 code, I found the REQUESTS_CA_BUNDLE is not set, so I fixed the both issue by setting it manually:

from boto3.session import Session
import os

# debian
os.environ['REQUESTS_CA_BUNDLE'] = os.path.join(
    '/etc/ssl/certs/',
    'ca-certificates.crt')
# centos
#   'ca-bundle.crt')

For aws-cli, I guess setting REQUESTS_CA_BUNDLE in ~/.bashrc will fix this issue (not tested because my aws-cli works without it).

REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt # ca-bundle.crt
export REQUESTS_CA_BUNDLE

回答 5

如果您有一个依赖的库requests并且不能修改验证路径(如pyvmomi),则必须找到cacert.pem与请求捆绑在一起的文件,然后在其中附加您的CA。这是找到cacert.pem位置的通用方法:

视窗

C:\>python -c "import requests; print requests.certs.where()"
c:\Python27\lib\site-packages\requests-2.8.1-py2.7.egg\requests\cacert.pem

linux

#  (py2.7.5,requests 2.7.0, verify not enforced)
root@host:~/# python -c "import requests; print requests.certs.where()"
/usr/lib/python2.7/dist-packages/certifi/cacert.pem

#  (py2.7.10, verify enforced)
root@host:~/# python -c "import requests; print requests.certs.where()"
/usr/local/lib/python2.7/dist-packages/requests/cacert.pem

顺便说一句 @ requests-devs,将自己的cacerts与请求捆绑在一起确实非常烦人……尤其是您似乎没有先使用ca ca系统存储这一事实,并且在任何地方都没有记录。

更新

在使用库且无法控制ca-bundle位置的情况下,还可以将ca-bundle位置显式设置为主机范围的ca-bundle:

REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt python -c "import requests; requests.get('https://somesite.com';)"

In case you have a library that relies on requests and you cannot modify the verify path (like with pyvmomi) then you’ll have to find the cacert.pem bundled with requests and append your CA there. Here’s a generic approach to find the cacert.pem location:

windows

C:\>python -c "import requests; print requests.certs.where()"
c:\Python27\lib\site-packages\requests-2.8.1-py2.7.egg\requests\cacert.pem

linux

#  (py2.7.5,requests 2.7.0, verify not enforced)
root@host:~/# python -c "import requests; print requests.certs.where()"
/usr/lib/python2.7/dist-packages/certifi/cacert.pem

#  (py2.7.10, verify enforced)
root@host:~/# python -c "import requests; print requests.certs.where()"
/usr/local/lib/python2.7/dist-packages/requests/cacert.pem

btw. @requests-devs, bundling your own cacerts with request is really, really annoying… especially the fact that you do not seem to use the system ca store first and this is not documented anywhere.

update

in situations, where you’re using a library and have no control over the ca-bundle location you could also explicitly set the ca-bundle location to be your host-wide ca-bundle:

REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-bundle.crt python -c "import requests; requests.get('https://somesite.com';)"

回答 6

使用gspread会遇到相同的问题,这些命令对我有用:

sudo pip uninstall -y certifi
sudo pip install certifi==2015.04.28

I face the same problem using gspread and these commands works for me:

sudo pip uninstall -y certifi
sudo pip install certifi==2015.04.28

回答 7

如果要删除警告,请使用以下代码。

import urllib3

urllib3.disable_warnings()

以及verify=Falsewith request.getpostmethod

If you want to remove the warnings, use the code below.

import urllib3

urllib3.disable_warnings()

and verify=False with request.get or post method


回答 8

我找到了解决类似问题的特定方法。这个想法是指向存储在系统上的cacert文件,并由另一个基于ssl的应用程序使用。

在Debian中(我不确定其他发行版中是否相同),证书文件(.pem)存储在/etc/ssl/certs/So,这是对我有用的代码:

import requests
verify='/etc/ssl/certs/cacert.org.pem'
response = requests.get('https://lists.cacert.org', verify=verify)

为了猜测pem选择哪个文件,我浏览了该URL,然后检查哪个证书颁发机构(CA)生成了证书。

编辑:如果您不能编辑代码(因为正在运行第三个应用程序),则可以尝试将pem证书直接添加到其中/usr/local/lib/python2.7/dist-packages/requests/cacert.pem(例如,将证书复制到文件末尾)。

I have found an specific approach for solving a similar issue. The idea is pointing the cacert file stored at the system and used by another ssl based applications.

In Debian (I’m not sure if same in other distributions) the certificate files (.pem) are stored at /etc/ssl/certs/ So, this is the code that work for me:

import requests
verify='/etc/ssl/certs/cacert.org.pem'
response = requests.get('https://lists.cacert.org', verify=verify)

For guessing what pem file choose, I have browse to the url and check which Certificate Authority (CA) has generated the certificate.

EDIT: if you cannot edit the code (because you are running a third app) you can try to add the pem certificate directly into /usr/local/lib/python2.7/dist-packages/requests/cacert.pem (e.g. copying it to the end of the file).


回答 9

如果您不关心证书,请使用verify=False

import requests

url = "Write your url here"

returnResponse = requests.get(url, verify=False)

If you don’t bother about certificate just use verify=False.

import requests

url = "Write your url here"

returnResponse = requests.get(url, verify=False)

回答 10

经过数小时的调试,我只能使用以下软件包来使其工作:

requests[security]==2.7.0  # not 2.18.1
cryptography==1.9  # not 2.0

使用 OpenSSL 1.0.2g 1 Mar 2016

没有这些软件包将verify=False无法正常工作。

我希望这可以帮助别人。

After hours of debugging I could only get this to work using the following packages:

requests[security]==2.7.0  # not 2.18.1
cryptography==1.9  # not 2.0

using OpenSSL 1.0.2g 1 Mar 2016

Without these packages verify=False was not working.

I hope this helps someone.


回答 11

我遇到了同样的问题。原来我没有在服务器上安装中间证书(只需将其附加到证书的底部,如下所示)。

https://www.digicert.com/ssl-support/pem-ssl-creation.htm

确保已安装ca-certificates软件包:

sudo apt-get install ca-certificates

更新时间也可以解决此问题:

sudo apt-get install ntpdate
sudo ntpdate -u ntp.ubuntu.com

如果您使用的是自签名证书,则可能必须手动将其添加到系统中。

I ran into the same issue. Turns out I hadn’t installed the intermediate certificate on my server (just append it to the bottom of your certificate as seen below).

https://www.digicert.com/ssl-support/pem-ssl-creation.htm

Make sure you have the ca-certificates package installed:

sudo apt-get install ca-certificates

Updating the time may also resolve this:

sudo apt-get install ntpdate
sudo ntpdate -u ntp.ubuntu.com

If you’re using a self-signed certificate, you’ll probably have to add it to your system manually.


回答 12

如果请求调用被埋在代码的深处,并且您不想安装服务器证书,则仅出于调试目的,可以对请求进行monkeypatch:

import requests.api
import warnings


def requestspatch(method, url, **kwargs):
    kwargs['verify'] = False
    return _origcall(method, url, **kwargs)

_origcall = requests.api.request
requests.api.request = requestspatch
warnings.warn('Patched requests: SSL verification disabled!')

切勿在生产中使用!

If the request calls are buried somewhere deep in the code and you do not want to install the server certificate, then, just for debug purposes only, it’s possible to monkeypatch requests:

import requests.api
import warnings


def requestspatch(method, url, **kwargs):
    kwargs['verify'] = False
    return _origcall(method, url, **kwargs)

_origcall = requests.api.request
requests.api.request = requestspatch
warnings.warn('Patched requests: SSL verification disabled!')

Never use in production!


回答 13

我想参加聚会太晚了,但我想为像我这样的流浪者粘贴修复程序!所以以下内容在Python 3.7.x上为我解决了

在终端中输入以下内容

pip install --upgrade certifi      # hold your breath..

尝试再次运行您的脚本/请求,看看它是否有效(我确定它不会被修复!)。如果不起作用,请尝试直接在终端中运行以下命令

open /Applications/Python\ 3.6/Install\ Certificates.command  # please replace 3.6 here with your suitable python version

Too late to the party I guess but I wanted to paste the fix for fellow wanderers like myself! So the following worked out for me on Python 3.7.x

Type the following in your terminal

pip install --upgrade certifi      # hold your breath..

Try running your script/requests again and see if it works (I’m sure it won’t be fixed yet!). If it didn’t work then try running the following command in the terminal directly

open /Applications/Python\ 3.6/Install\ Certificates.command  # please replace 3.6 here with your suitable python version

回答 14

我为HOURS争取了这个问题。

我试图更新请求。然后,我更新了证书。我指出了对certifi.where()的验证(无论如何,代码默认情况下都会这样做)。没事。

最后,我将python版本更新为python 2.7.11。我使用的是Python 2.7.5,它与验证证书的方式有些不兼容。一旦我更新了Python(以及其他一些依赖项),它便开始工作。

I fought this problem for HOURS.

I tried to update requests. Then I updated certifi. I pointed verify to certifi.where() (The code does this by default anyways). Nothing worked.

Finally I updated my version of python to python 2.7.11. I was on Python 2.7.5 which had some incompatibilities with the way that the certificates are verified. Once I updated Python (and a handful of other dependencies) it started working.


回答 15

这类似于@ rafael-almeida的答案,但我想指出,从请求2.11+开始,没有3个值verify可以使用,实际上有4个:

  • True:根据请求的内部可信CA进行验证。
  • False完全绕过证书验证。(不建议)
  • CA_BUNDLE文件的路径。请求将使用它来验证服务器的证书。
  • 包含公共证书文件的目录的路径。请求将使用它来验证服务器的证书。

我剩下的答案是关于#4,如何使用包含证书的目录进行验证:

获取所需的公共证书并将其放置在目录中。

严格来说,您可能“应该”使用带外方法来获取证书,但是您也可以仅使用任何浏览器下载它们。

如果服务器使用证书链,请确保获取链中的每个证书。

根据请求文档,必须首先使用“ rehash”实用程序(openssl rehash)处理包含证书的目录。

(这需要openssl 1.1.1+,并且并非所有Windows openssl实施都支持rehash。如果openssl rehash不适合您,则可以尝试在https://github.com/ruby/openssl/blob/master上运行rehash ruby​​脚本。/sample/c_rehash.rb,尽管我还没有尝试过。

我在获取要求识别我的证书的请求时遇到了一些麻烦,但是在使用openssl x509 -outform PEM命令将证书转换为Base64 .pem格式后,一切工作正常。

您也可以只进行懒散的重新哈希处理:

try:
    # As long as the certificates in the certs directory are in the OS's certificate store, `verify=True` is fine.
    return requests.get(url, auth=auth, verify=True)
except requests.exceptions.SSLError:
    subprocess.run(f"openssl rehash -compat -v my_certs_dir", shell=True, check=True)
    return requests.get(url, auth=auth, verify="my_certs_dir")

This is similar to @rafael-almeida ‘s answer, but I want to point out that as of requests 2.11+, there are not 3 values that verify can take, there are actually 4:

  • True: validates against requests’s internal trusted CAs.
  • False: bypasses certificate validation completely. (Not recommended)
  • Path to a CA_BUNDLE file. requests will use this to validate the server’s certificates.
  • Path to a directory containing public certificate files. requests will use this to validate the server’s certificates.

The rest of my answer is about #4, how to use a directory containing certificates to validate:

Obtain the public certificates needed and place them in a directory.

Strictly speaking, you probably “should” use an out-of-band method of obtaining the certificates, but you could also just download them using any browser.

If the server uses a certificate chain, be sure to obtain every single certificate in the chain.

According to the requests documentation, the directory containing the certificates must first be processed with the “rehash” utility (openssl rehash).

(This requires openssl 1.1.1+, and not all Windows openssl implementations support rehash. If openssl rehash won’t work for you, you could try running the rehash ruby script at https://github.com/ruby/openssl/blob/master/sample/c_rehash.rb , though I haven’t tried this. )

I had some trouble with getting requests to recognize my certificates, but after I used the openssl x509 -outform PEM command to convert the certs to Base64 .pem format, everything worked perfectly.

You can also just do lazy rehashing:

try:
    # As long as the certificates in the certs directory are in the OS's certificate store, `verify=True` is fine.
    return requests.get(url, auth=auth, verify=True)
except requests.exceptions.SSLError:
    subprocess.run(f"openssl rehash -compat -v my_certs_dir", shell=True, check=True)
    return requests.get(url, auth=auth, verify="my_certs_dir")

回答 16

目前,请求模块中存在一个导致此错误的问题,存在于v2.6.2至v2.12.4(ATOW)中:https : //github.com/kennethreitz/requests/issues/2573

解决此问题的方法是添加以下行: requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS = 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS'

There is currently an issue in the requests module causing this error, present in v2.6.2 to v2.12.4 (ATOW): https://github.com/kennethreitz/requests/issues/2573

Workaround for this issue is adding the following line: requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS = 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS'


回答 17

如@Rafael Almeida所述,您遇到的问题是由不受信任的SSL证书引起的。就我而言,我的服务器不信任SSL证书。为了解决此问题而不损害安全性,我下载了证书并将其安装在服务器上(只需双击.crt文件,然后安装证书…)。

As mentioned by @Rafael Almeida, the problem you are having is caused by an untrusted SSL certificate. In my case, the SSL certificate was untrusted by my server. To get around this without compromising security, I downloaded the certificate, and installed it on the server (by simply double clicking on the .crt file and then Install Certificate…).


回答 18

如果正在从另一个包中调用请求,则添加选项是不可行的。在那种情况下,将证书添加到cacert捆绑包是直接的方法,例如,我必须添加“ StartCom Class 1 Primary Intermediate Server CA”,为此,我将根证书下载到StartComClass1.pem中。鉴于我的virtualenv名为caldav,我添加了以下证书:

cat StartComClass1.pem >> .virtualenvs/caldav/lib/python2.7/site-packages/pip/_vendor/requests/cacert.pem
cat temp/StartComClass1.pem >> .virtualenvs/caldav/lib/python2.7/site-packages/requests/cacert.pem

其中之一可能就足够了,我没有检查

It is not feasible to add options if requests is being called from another package. In that case adding certificates to the cacert bundle is the straight path, e.g. I had to add “StartCom Class 1 Primary Intermediate Server CA”, for which I downloaded the root cert into StartComClass1.pem. given my virtualenv is named caldav, I added the certificate with:

cat StartComClass1.pem >> .virtualenvs/caldav/lib/python2.7/site-packages/pip/_vendor/requests/cacert.pem
cat temp/StartComClass1.pem >> .virtualenvs/caldav/lib/python2.7/site-packages/requests/cacert.pem

one of those might be enough, I did not check


回答 19

我遇到了相似或相同的认证验证问题。我读到的OpenSSL版本低于1.0.2,该请求有时取决于验证强证书的困难(请参阅此处)。CentOS 7似乎使用了1.0.1e,这似乎有问题。

我不确定如何在CentOS上解决此问题,因此我决定允许使用较弱的1024位CA证书。

import certifi # This should be already installed as a dependency of 'requests'
requests.get("https://example.com", verify=certifi.old_where())

I was having a similar or the same certification validation problem. I read that OpenSSL versions less than 1.0.2, which requests depends upon sometimes have trouble validating strong certificates (see here). CentOS 7 seems to use 1.0.1e which seems to have the problem.

I wasn’t sure how to get around this problem on CentOS, so I decided to allow weaker 1024bit CA certificates.

import certifi # This should be already installed as a dependency of 'requests'
requests.get("https://example.com", verify=certifi.old_where())

回答 20

我必须从Python 3.4.0升级到3.4.6

pyenv virtualenv 3.4.6 myvenv
pyenv activate myvenv
pip install -r requirements.txt

I had to upgrade from Python 3.4.0 to 3.4.6

pyenv virtualenv 3.4.6 myvenv
pyenv activate myvenv
pip install -r requirements.txt

回答 21

就我而言,原因是无关紧要的。

我知道SSL验证已经进行了几天,实际上是在另一台机器上工作。

我的下一步是比较正在验证的计算机和未进行验证的计算机之间的证书内容和大小。

这很快导致我确定“工作不正确”的计算机上的证书不好,一旦我将其替换为“好”证书,一切就很好了。

In my case the reason was fairly trivial.

I had known that the SSL verification had worked until a few days earlier, and was infact working on a different machine.

My next step was to compare the certificate contents and size between the machine on which verification was working, and the one on which it was not.

This quickly led to me determining that the Certificate on the ‘incorrectly’ working machine was not good, and once I replaced it with the ‘good’ cert, everything was fine.


pip安装失败,并显示“连接错误:[SSL:CERTIFICATE_VERIFY_FAILED]证书验证失败(_ssl.c:598)”

问题:pip安装失败,并显示“连接错误:[SSL:CERTIFICATE_VERIFY_FAILED]证书验证失败(_ssl.c:598)”

我是Python的新手,并尝试> pip install linkchecker在Windows 7上使用。

  • 无论软件包如何,pip安装都会失败。例如,> pip install scrapy还会导致SSL错误。
  • 原始安装的Python 3.4.1包含pip 1.5.6。我尝试做的第一件事是安装linkchecker。Python 2.7已经安装,它是ArcGIS附带的。python并且pip直到我安装3.4.1时才可从命令行使用。
  • > pip search linkchecker作品。可能是因为点子搜索无法验证站点的SSL证书。
  • 我在公司网络中,但是我们没有通过代理访问Internet。
  • 每台公司计算机(包括我的计算机)都具有受信任的根证书颁发机构,该证书颁发机构出于各种原因而被使用,包括启用对到https://google.com的 TLS流量的监视。不确定是否与此有关。

这是运行后我的pip.log的内容pip install linkchecker

Downloading/unpacking linkchecker
  Getting page https://pypi.python.org/simple/linkchecker/
  Could not fetch URL https://pypi.python.org/simple/linkchecker/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/linkchecker/ when looking for download links for linkchecker
  Getting page https://pypi.python.org/simple/
  Could not fetch URL https://pypi.python.org/simple/: connection error: HTTPSConnectionPool(host='pypi.python.org', port=443): Max retries exceeded with url: /simple/ (Caused by <class 'http.client.CannotSendRequest'>: Request-sent)
  Will skip URL https://pypi.python.org/simple/ when looking for download links for linkchecker
  Cannot fetch index base URL https://pypi.python.org/simple/
  URLs to search for versions for linkchecker:
  * https://pypi.python.org/simple/linkchecker/
  Getting page https://pypi.python.org/simple/linkchecker/
  Could not fetch URL https://pypi.python.org/simple/linkchecker/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/linkchecker/ when looking for download links for linkchecker
  Could not find any downloads that satisfy the requirement linkchecker
Cleaning up...
  Removing temporary dir C:\Users\jcook\AppData\Local\Temp\pip_build_jcook...
No distributions at all found for linkchecker
Exception information:
Traceback (most recent call last):
  File "C:\Python34\lib\site-packages\pip\basecommand.py", line 122, in main
    status = self.run(options, args)
  File "C:\Python34\lib\site-packages\pip\commands\install.py", line 278, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "C:\Python34\lib\site-packages\pip\req.py", line 1177, in prepare_files
    url = finder.find_requirement(req_to_install, upgrade=self.upgrade)
  File "C:\Python34\lib\site-packages\pip\index.py", line 277, in find_requirement
    raise DistributionNotFound('No distributions at all found for %s' % req)
pip.exceptions.DistributionNotFound: No distributions at all found for linkchecker

I am very new to Python and trying to > pip install linkchecker on Windows 7. Some notes:

  • pip install is failing no matter the package. For example, > pip install scrapy also results in the SSL error.
  • Vanilla install of Python 3.4.1 included pip 1.5.6. The first thing I tried to do was install linkchecker. Python 2.7 was already installed, it came with ArcGIS. python and pip were not available from the command line until I installed 3.4.1.
  • > pip search linkchecker works. Perhaps that is because pip search does not verify the site’s SSL certificate.
  • I am in a company network but we do not go through a proxy to reach the Internet.
  • Each company computer (including mine) has a Trusted Root Certificate Authority that is used for various reasons including enabling monitoring TLS traffic to https://google.com. Not sure if that has anything to do with it.

Here are the contents of my pip.log after running pip install linkchecker:

Downloading/unpacking linkchecker
  Getting page https://pypi.python.org/simple/linkchecker/
  Could not fetch URL https://pypi.python.org/simple/linkchecker/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/linkchecker/ when looking for download links for linkchecker
  Getting page https://pypi.python.org/simple/
  Could not fetch URL https://pypi.python.org/simple/: connection error: HTTPSConnectionPool(host='pypi.python.org', port=443): Max retries exceeded with url: /simple/ (Caused by <class 'http.client.CannotSendRequest'>: Request-sent)
  Will skip URL https://pypi.python.org/simple/ when looking for download links for linkchecker
  Cannot fetch index base URL https://pypi.python.org/simple/
  URLs to search for versions for linkchecker:
  * https://pypi.python.org/simple/linkchecker/
  Getting page https://pypi.python.org/simple/linkchecker/
  Could not fetch URL https://pypi.python.org/simple/linkchecker/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/linkchecker/ when looking for download links for linkchecker
  Could not find any downloads that satisfy the requirement linkchecker
Cleaning up...
  Removing temporary dir C:\Users\jcook\AppData\Local\Temp\pip_build_jcook...
No distributions at all found for linkchecker
Exception information:
Traceback (most recent call last):
  File "C:\Python34\lib\site-packages\pip\basecommand.py", line 122, in main
    status = self.run(options, args)
  File "C:\Python34\lib\site-packages\pip\commands\install.py", line 278, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "C:\Python34\lib\site-packages\pip\req.py", line 1177, in prepare_files
    url = finder.find_requirement(req_to_install, upgrade=self.upgrade)
  File "C:\Python34\lib\site-packages\pip\index.py", line 277, in find_requirement
    raise DistributionNotFound('No distributions at all found for %s' % req)
pip.exceptions.DistributionNotFound: No distributions at all found for linkchecker

回答 0

—–> pip install gensim config –global http.sslVerify否

只需使用“ config –global http.sslVerify false”语句安装任何软件包

您可以通过将pypi.org和设置files.pythonhosted.org为受信任的主机来忽略SSL错误。

$ pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package_name>

注意:在2018年4月的某个时候,Python软件包索引从迁移pypi.python.orgpypi.org。这意味着使用旧域的“受信任主机”命令不再起作用。

永久修复

自发布pip 10.0起,您应该能够通过pip自我升级永久解决此问题:

$ pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org pip setuptools

或者通过重新安装以获得最新版本:

$ curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py

(…,然后get-pip.py与相关的Python解释器一起运行)。

pip install <otherpackage>应该在此之后工作。如果没有,那么您将需要做更多的事情,如下所述。


您可能需要将信任的主机和代理添加到配置文件中

pip.ini(Windows)或pip.conf(unix)

[global]
trusted-host = pypi.python.org
               pypi.org
               files.pythonhosted.org

替代解决方案(安全程度较低)

大多数答案可能会带来安全问题。

帮助轻松安装大多数python软件包的两个解决方法是:

  • 使用easy_install:如果您确实很懒,不想浪费很多时间,请使用easy_install <package_name>。请注意,找不到某些软件包,或者会产生一些小错误。
  • 使用Wheel:下载python软件包Wheel并使用pip命令pip install wheel_package_name.whl安装该软件包。

—–> pip install gensim config –global http.sslVerify false

Just install any package with the “config –global http.sslVerify false” statement

You can ignore SSL errors by setting pypi.org and files.pythonhosted.org as trusted hosts.

$ pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package_name>

Note: Sometime during April 2018, the Python Package Index was migrated from pypi.python.org to pypi.org. This means “trusted-host” commands using the old domain no longer work.

Permanent Fix

Since the release of pip 10.0, you should be able to fix this permanently just by upgrading pip itself:

$ pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org pip setuptools

Or by just reinstalling it to get the latest version:

$ curl https://bootstrap.pypa.io/get-pip.py -o get-pip.py

(… and then running get-pip.py with the relevant Python interpreter).

pip install <otherpackage> should just work after this. If not, then you will need to do more, as explained below.


You may want to add the trusted hosts and proxy to your config file.

pip.ini (Windows) or pip.conf (unix)

[global]
trusted-host = pypi.python.org
               pypi.org
               files.pythonhosted.org

Alternate Solutions (Less secure)

Most of the answers could pose a security issue.

Two of the workarounds that help in installing most of the python packages with ease would be:

  • Using easy_install: if you are really lazy and don’t want to waste much time, use easy_install <package_name>. Note that some packages won’t be found or will give small errors.
  • Using Wheel: download the Wheel of the python package and use the pip command pip install wheel_package_name.whl to install the package.

回答 1

您可以使用以下参数指定证书:

pip --cert /etc/ssl/certs/FOO_Root_CA.pem install linkchecker

请参阅:文档»参考指南»点

如果指定您公司的根证书无效,则可能无法使用cURL:http : //curl.haxx.se/ca/cacert.pem

您必须使用PEM文件而不是CRT文件。如果您有CRT文件,则需要将该文件转换为PEM。注释中有报告说,该报告现在可用于CRT文件,但我尚未验证。

还要检查:SSL证书验证

You can specify a cert with this param:

pip --cert /etc/ssl/certs/FOO_Root_CA.pem install linkchecker

See: Docs » Reference Guide » pip

If specifying your company’s root cert doesn’t work maybe the cURL one will work: http://curl.haxx.se/ca/cacert.pem

You must use a PEM file and not a CRT file. If you have a CRT file you will need to convert the file to PEM There are reports in the comments that this now works with a CRT file but I have not verified.

Also check: SSL Cert Verification.


回答 2

kenorb的答案非常有用(而且很棒!)。
在他的解决方案中,也许这是最简单的解决方案: --trusted-host

例如,在这种情况下,您可以

pip install --trusted-host pypi.python.org linkchecker

不需要pem文件(或其他任何文件)。

kenorb’s answer is very useful (and great!).
Among his solutions, maybe this is the most simple one: --trusted-host

For example, in this case you can do

pip install --trusted-host pypi.python.org linkchecker

The pem file(or anything else) is unnecessary.


回答 3

对我来说,问题的解决,创建一个文件夹 pip,一个文件:pip.iniC:\Users\<username>\AppData\Roaming\ 例如:

C:\Users\<username>\AppData\Roaming\pip\pip.ini

我在里面写道:

[global]
trusted-host = pypi.python.org
               pypi.org
               files.pythonhosted.org

我重新启动python,然后pip永久信任这些站点,并使用它们从中下载软件包。

如果在Windows上找不到AppData文件夹,请写入%appdata%文件资源管理器,它将出现。

For me the problem was fixed by creating a folder pip, with a file: pip.ini in C:\Users\<username>\AppData\Roaming\ e.g:

C:\Users\<username>\AppData\Roaming\pip\pip.ini

Inside it I wrote:

[global]
trusted-host = pypi.python.org
               pypi.org
               files.pythonhosted.org

I restarted python, and then pip permanently trusted these sites, and used them to download packages from.

If you can’t find the AppData Folder on windows, write %appdata% in file explorer and it should appear.


回答 4

答案是非常相似的,并且有些令人困惑。就我而言,就是公司网络中的证书。我能够使用以下方法解决该问题:

pip install --trusted-host files.pythonhosted.org --trusted-host pypi.org --trusted-host pypi.python.org oauthlib -vvv

如这里所见。如果不需要详细的输出,则可以省略-vvv参数

The answers are quite similar and a bit confusing. In my case, the certificates in my company’s network was the issue. I was able to work around the problem using:

pip install --trusted-host files.pythonhosted.org --trusted-host pypi.org --trusted-host pypi.python.org oauthlib -vvv

As seen here. The -vvv argument can be omited if verbose output is not required


回答 5

永久修复

pip install --upgrade pip --trusted-host pypi.org --trusted-host files.pythonhosted.org

例如:

pip install <package name> --trusted-host pypi.org --trusted-host files.pythonhosted.org

Permanent Fix

pip install --upgrade pip --trusted-host pypi.org --trusted-host files.pythonhosted.org

For eg:

pip install <package name> --trusted-host pypi.org --trusted-host files.pythonhosted.org

回答 6

要一劳永逸地解决此问题,您可以验证您是否有pip.conf文件。

pip.conf根据文档,这是您应该在的位置:

在Unix上,默认配置文件是:$HOME/.config/pip/pip.conf尊重XDG_CONFIG_HOME环境变量。

在macOS上,配置文件是$HOME/Library/Application Support/pip/pip.conf目录是否$HOME/Library/Application Support/pip存在$HOME/.config/pip/pip.conf

在Windows上,配置文件为%APPDATA%\pip\pip.ini

在virtualenv内部:

在Unix和macOS上,文件为 $VIRTUAL_ENV/pip.conf

在Windows上,文件为: %VIRTUAL_ENV%\pip.ini

pip.conf应该看起来像:

[global]
trusted-host = pypi.python.org

pip install linkcheckerlinkchecker创建pip.conf文件后安装无投诉。

To solve this problem once and for all, you can verify that you have a pip.conf file.

This is where your pip.conf should be, according to the documentation:

On Unix the default configuration file is: $HOME/.config/pip/pip.conf which respects the XDG_CONFIG_HOME environment variable.

On macOS the configuration file is $HOME/Library/Application Support/pip/pip.conf if directory $HOME/Library/Application Support/pip exists else $HOME/.config/pip/pip.conf

On Windows the configuration file is %APPDATA%\pip\pip.ini.

Inside a virtualenv:

On Unix and macOS the file is $VIRTUAL_ENV/pip.conf

On Windows the file is: %VIRTUAL_ENV%\pip.ini

Your pip.conf should look like:

[global]
trusted-host = pypi.python.org

pip install linkchecker installed linkchecker without complains after I created the pip.conf file.


回答 7

我发现的最直接的方法是,从https://www.digicert.com/digicert-root-certificates.htm#roots从DigiCert下载和使用“ DigiCert高保证EV根CA”。

您可以通过单击地址栏中的锁定图标来访问https://pypi.python.org/以验证证书颁发者,或通过使用openssl来提高您的怪胎信誉:

$ openssl s_client -connect pypi.python.org:443
CONNECTED(00000003)
depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=3359300/street=16 Allen Rd/postalCode=03894-4801/C=US/ST=NH/L=Wolfeboro,/O=Python Software Foundation/CN=www.python.org
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA

证书链中的最后一个CN值是您需要下载的CA的名称。

要一次性完成,请执行以下操作:

  1. 从DigiCert 下载CRT
  2. 将CRT转换为PEM格式
  3. 将PIP_CERT环境变量导出到PEM文件的路径

(最后一行假设您正在使用bash shell)在运行pip之前。

curl -sO http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt 
openssl x509 -inform DES -in DigiCertHighAssuranceEVRootCA.crt -out DigiCertHighAssuranceEVRootCA.pem -text
export PIP_CERT=`pwd`/DigiCertHighAssuranceEVRootCA.pem

为了使其可重复使用,请将DigiCertHighAssuranceEVRootCA.crt放在公共位置,然后在〜/ .bashrc中相应地导出PIP_CERT。

The most straightforward way I’ve found, is to download and use the “DigiCert High Assurance EV Root CA” from DigiCert at https://www.digicert.com/digicert-root-certificates.htm#roots

You can visit https://pypi.python.org/ to verify the cert issuer by clicking on the lock icon in the address bar, or increase your geek cred by using openssl:

$ openssl s_client -connect pypi.python.org:443
CONNECTED(00000003)
depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=3359300/street=16 Allen Rd/postalCode=03894-4801/C=US/ST=NH/L=Wolfeboro,/O=Python Software Foundation/CN=www.python.org
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA

The last CN value in the certificate chain is the name of the CA that you need to download.

For a one-off effort, do the following:

  1. Download the CRT from DigiCert
  2. Convert the CRT to PEM format
  3. Export the PIP_CERT environment variable to the path of the PEM file

(the last line assumes you are using the bash shell) before running pip.

curl -sO http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt 
openssl x509 -inform DES -in DigiCertHighAssuranceEVRootCA.crt -out DigiCertHighAssuranceEVRootCA.pem -text
export PIP_CERT=`pwd`/DigiCertHighAssuranceEVRootCA.pem

To make this re-usable, put DigiCertHighAssuranceEVRootCA.crt somewhere common and export PIP_CERT accordingly in your ~/.bashrc.


回答 8

您可以通过以下方式解决问题CERTIFICATE_VERIFY_FAILED

  • 使用HTTP代替HTTPS(例如--index-url=http://pypi.python.org/simple/)。
  • 使用--cert <trusted.pem>CA_BUNDLE变量指定备用CA捆绑包。

    例如,您可以从Web浏览器转到失败的URL,然后将根证书导入到您的系统中。

  • 运行python -c "import ssl; print(ssl.get_default_verify_paths())"以检查当前的(验证是否存在)。

  • OpenSSL具有一对环境(SSL_CERT_DIRSSL_CERT_FILE),可用于指定不同的证书数据库PEP-476
  • 用于--trusted-host <hostname>将主机标记为可信。
  • 在Python中verify=False用于requests.get(请参阅:SSL证书验证)。
  • 使用--proxy <proxy>以避免证书检查。

有关更多信息,请参见套接字对象的TLS / SSL包装器-验证证书

You’ve the following possibilities to solve issue with CERTIFICATE_VERIFY_FAILED:

  • Use HTTP instead of HTTPS (e.g. --index-url=http://pypi.python.org/simple/).
  • Use --cert <trusted.pem> or CA_BUNDLE variable to specify alternative CA bundle.

    E.g. you can go to failing URL from web-browser and import root certificate into your system.

  • Run python -c "import ssl; print(ssl.get_default_verify_paths())" to check the current one (validate if exists).

  • OpenSSL has a pair of environments (SSL_CERT_DIR, SSL_CERT_FILE) which can be used to specify different certificate databasePEP-476.
  • Use --trusted-host <hostname> to mark the host as trusted.
  • In Python use verify=False for requests.get (see: SSL Cert Verification).
  • Use --proxy <proxy> to avoid certificate checks.

Read more at: TLS/SSL wrapper for socket objects – Verifying certificates.


回答 9

正确设置时间和日期!

对我来说,结果表明我的日期和时间在Raspberry Pi上配置错误。结果是使用https://files.pythonhosted.org/服务器,所有SSL和HTTPS连接均失败。

像这样更新它:

sudo date -s "Wed Thu  23 11:12:00 GMT+1 2018"
sudo dpkg-reconfigure tzdata

或直接以Google的时间为准:

参考:https : //superuser.com/a/635024/935136

sudo date -s "$(curl -s --head http://google.com | grep ^Date: | sed 's/Date: //g')"
sudo dpkg-reconfigure tzdata

Set Time and Date correct!

For me, it came out that my date and time was misconfigured on Raspberry Pi. The result was that all SSL and HTTPS connections failed, using the https://files.pythonhosted.org/ server.

Update it like this:

sudo date -s "Wed Thu  23 11:12:00 GMT+1 2018"
sudo dpkg-reconfigure tzdata

Or directly with e.g. Google’s time:

Ref.: https://superuser.com/a/635024/935136

sudo date -s "$(curl -s --head http://google.com | grep ^Date: | sed 's/Date: //g')"
sudo dpkg-reconfigure tzdata

回答 10

我最近遇到了这个问题,因为我公司的Web内容过滤器使用自己的证书颁发机构,以便可以过滤SSL流量。在我的情况下,PIP似乎没有使用系统的CA证书,从而产生了您提到的错误。后来将PIP降级到1.2.1版会带来一系列问题,因此我回到了Python 3.4附带的原始版本。

我的解决方法非常简单:使用easy_install。它要么不检查证书(例如旧的PIP版本),要么知道使用系统证书,因为它每次都对我有用,我仍然可以使用PIP卸载使用easy_install安装的软件包。

如果那行不通,并且您可以访问没有问题的网络或计算机,则可以始终设置自己的个人PyPI服务器:如何在没有镜像的情况下创建本地自己的pypi存储库索引?

我几乎做到了,直到我尝试将其easy_install作为最后的努力。

I recently ran into this problem because of my company’s web content filter that uses its own Certificate Authority so that it can filter SSL traffic. PIP doesn’t seem to be using the system’s CA certificates in my case, producing the error you mention. Downgrading PIP to version 1.2.1 presented its own set of problems later on, so I went back to the original version that came with Python 3.4.

My workaround is quite simple: use easy_install. Either it doesn’t check the certs (like the old PIP version), or it knows to use the system certs because it works every time for me and I can still use PIP to uninstall packages installed with easy_install.

If that doesn’t work and you can get access to a network or computer that doesn’t have the issue, you could always setup your own personal PyPI server: how to create local own pypi repository index without mirror?

I almost did that until I tried using easy_install as a last ditch effort.


回答 11

您可以尝试使用http而不是https来绕过SSL错误。当然,就安全性而言,并不是最佳选择,但是如果您急于使用它,可以采取以下措施:

pip install --index-url=http://pypi.python.org/simple/ linkchecker

You can try to bypass the SSL error by using http instead of https. Of course this is not optimal in terms of security, but if you are in a hurry it should do the trick:

pip install --index-url=http://pypi.python.org/simple/ linkchecker

回答 12

使用答案

pip install --trusted-host pypi.python.org <package>

工作。但是,您必须检查是否存在重定向或缓存pip命中。在Windows 7上pip 9.0.1,我必须运行

pip install \
  --trusted-host pypi.python.org \
  --trusted-host pypi.org \
  --trusted-host files.pythonhosted.org \
  <package>

您可以使用详细标志找到它们。

The answers to use

pip install --trusted-host pypi.python.org <package>

work. But you’ll have to check if there are redirects or caches pip is hitting. On Windows 7 with pip 9.0.1, I had to run

pip install \
  --trusted-host pypi.python.org \
  --trusted-host pypi.org \
  --trusted-host files.pythonhosted.org \
  <package>

You can find these with the verbose flag.


回答 13

我使用easy_install安装了pip 1.2.1,并升级到了最新版本的pip(当时为6.0.7),可以在我的情况下安装软件包。

easy_install pip==1.2.1
pip install --upgrade pip

I installed pip 1.2.1 with easy_install and upgraded to latest version of pip (6.0.7 at the time) which is able to install packages in my case.

easy_install pip==1.2.1
pip install --upgrade pip

回答 14

您有4个选择:

使用证书作为参数

$ pip install --cert /path/to/mycertificate.crt linkchecker

在证书中使用证书 pip.conf

创建此文件:

$HOME/.pip/pip.conf (Linux)

%HOME%\pip\pip.ini (Windows)

并添加以下行:

[global]
cert = /path/to/mycertificate.crt

忽略证书并使用HTTP

$ pip install --trusted-host pypi.python.org linkchecker

忽略证书并在pip.conf中使用HTTP

创建此文件:

$HOME/.pip/pip.conf (Linux)

%HOME%\pip\pip.ini (Windows)

并添加以下行:

[global]
trusted-host = pypi.python.org

资源

You have 4 options:

Using a certificate as parameter

$ pip install --cert /path/to/mycertificate.crt linkchecker

Using a certificate in a pip.conf

Create this file:

$HOME/.pip/pip.conf (Linux)

%HOME%\pip\pip.ini (Windows)

and add these lines:

[global]
cert = /path/to/mycertificate.crt

Ignoring certificate and using HTTP

$ pip install --trusted-host pypi.python.org linkchecker

Ignoring certificate and using HTTP in a pip.conf

Create this file:

$HOME/.pip/pip.conf (Linux)

%HOME%\pip\pip.ini (Windows)

and add these lines:

[global]
trusted-host = pypi.python.org

Source


回答 15

首先,

    pip install --trusted-host pypi.python.org <package name>

没有为我工作。我一直收到CERTIFICATE_VERIFY_FAILED错误。但是,我在错误消息中注意到它们引用了“ pypi.org”站点。因此,我将其用作受信任的主机名,而不是pypi.python.org。那几乎使我到了那里。CERTIFICATE_VERIFY_FAILED仍使加载失败,但是稍后。找到对失败网站的引用,我将其作为受信任的主机。最终对我有用的是:

    pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package name>

First of all,

    pip install --trusted-host pypi.python.org <package name>

did not work for me. I kept getting the CERTIFICATE_VERIFY_FAILED error. However, I noticed in the error messages that they referenced the ‘pypi.org’ site. So, I used this as the trusted host name instead of pypi.python.org. That almost got me there; the load was still failing with CERTIFICATE_VERIFY_FAILED, but at a later point. Finding the reference to the website that was failing, I included it as a trusted host. What eventually worked for me was:

    pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <package name>

回答 16

我不确定这是否相关,但是我有一个类似的问题,可以通过将这些文件从Anaconda3 / Library / bin复制到Anaconda3 / DLLs来解决:

libcrypto-1_1-x64.dll

libssl-1_1-x64.dll

I’m not sure if this is related, but I had a similar problem which was fixed by copying these files from Anaconda3/Library/bin to Anaconda3/DLLs :

libcrypto-1_1-x64.dll

libssl-1_1-x64.dll


回答 17

pip install ftputil在64位Windows 7 Enterprise上尝试使用ActivePython 2.7.8,ActivePython 3.4.1和“常规” Python 3.4.2时遇到了相同的问题。所有尝试均以与OP相同的错误失败。

通过降级为pip 1.2.1解决了Python 3.4.2的问题:(easy_install pip==1.2.1请参阅https://stackoverflow.com/a/16370731/234235)。同样的修复也适用于ActivePython 2.7.8。

该bug于2013年3月报告,目前仍在打开:https : //github.com/pypa/pip/issues/829

Had the same problem trying pip install ftputil with ActivePython 2.7.8, ActivePython 3.4.1, and “stock” Python 3.4.2 on 64-bit Windows 7 Enterprise. All attempts failed with the same errors as OP.

Worked around the problem for Python 3.4.2 by downgrading to pip 1.2.1: easy_install pip==1.2.1 (see https://stackoverflow.com/a/16370731/234235). Same fix also worked for ActivePython 2.7.8.

The bug, reported in March 2013, is still open: https://github.com/pypa/pip/issues/829.


回答 18

直到我使用–verbose选项查看它想要进入files.pythonhosted.org而不是pypi.python.org为止,此页面上的所有内容都对我没有作用:

pip install --trusted-host files.pythonhosted.org <package_name>

因此,请通过–verbose选项检查实际失败的URL。

Nothing on this page worked for me until I used the –verbose option to see that it wanted to get to files.pythonhosted.org rather than pypi.python.org:

pip install --trusted-host files.pythonhosted.org <package_name>

So check the URL that it’s actually failing on via the –verbose option.


回答 19

我通过删除我的点子并安装了较旧版本的点子来解决此问题:https : //pypi.python.org/pypi/pip/1.2.1

I solved this problem by removing my pip and installing the older version of pip: https://pypi.python.org/pypi/pip/1.2.1


回答 20

您可以尝试忽略“ https”:

pip install --index-url=http://pypi.python.org/simple/ --trusted-host pypi.python.org  [your package..]

You can try this to ignore “https”:

pip install --index-url=http://pypi.python.org/simple/ --trusted-host pypi.python.org  [your package..]

回答 21

一种解决方案(对于Windows)是pip.ini%AppData%\pip\文件夹上创建一个名为的文件(如果该文件夹不存在,则创建该文件夹)并插入以下详细信息:

[global]
cert = C:/certs/python_root.pem
proxy = http://my_user@my_company.com:my_password@proxy_ip:proxy_port

…然后我们可以执行安装指令:

pip3 install PyQt5

另一个选择是使用代理和证书的参数来安装软件包。

$ pip3 install --proxy http://my_user@my_company.com:my_password@proxy_ip:proxy_port \
   --cert C:/certs/python_root.pem PyQt5

要将证书*.cer文件转换为所需*.pem格式,请执行以下指令:

$ openssl x509 -inform der -in python_root.cer -out python_root.pem

希望这对某人有帮助!

One solution (for Windows) is to create a file called pip.ini on the %AppData%\pip\ folder (create the folder if it doesn’t exist) and insert the following details:

[global]
cert = C:/certs/python_root.pem
proxy = http://my_user@my_company.com:my_password@proxy_ip:proxy_port

…and then we can execute the install instruction:

pip3 install PyQt5

Another option is to install the package using arguments for the proxy and certificate…

$ pip3 install --proxy http://my_user@my_company.com:my_password@proxy_ip:proxy_port \
   --cert C:/certs/python_root.pem PyQt5

To convert the certificate *.cer files to the required *.pem format execute the following instruction:

$ openssl x509 -inform der -in python_root.cer -out python_root.pem

Hope this helps someone!


回答 22

就我而言,这是由于SSL证书是由公司内部CA签署的。使用类似的解决方法pip --cert无济于事,但以下软件包提供了帮助:

pip install pip_system_certs

参见:https : //pypi.org/project/pip-system-certs/

该软件包修补pip并在运行时请求使用默认系统存储中的证书(而不是捆绑的证书ca)。

这将使pip可以验证与cert的服务器之间的tls / ssl连接是否受系统安装信任。

In my case it was due to SSL certificate being signed by internal CA of my company. Using workarounds like pip --cert did not help, but the following package did:

pip install pip_system_certs

See: https://pypi.org/project/pip-system-certs/

This package patches pip and requests at runtime to use certificates from the default system store (rather than the bundled certs ca).

This will allow pip to verify tls/ssl connections to servers who’s cert is trusted by your system install.


回答 23

对我来说,这是因为以前我正在运行将代理(设置为提琴手),重新打开控制台或重新启动的脚本,以解决此问题。

for me this is because previously I’m running script which set proxy (to fiddler), reopening console or reboot fix the problem.


回答 24

最近,我在Visual Studio 2015的python 3.6中遇到了同样的问题。花了2天后,我得到了解决方案及其对我来说很好的工作。

尝试使用pip或从Visual Studio安装numpy时出现以下错误收集numpy无法获取URL https://pypi.python.org/simple/numpy/:确认ssl证书时出现问题:[SSL:CERTIFICATE_VERIFY_FAILED]证书验证失败(_ssl.c:748)-跳过找不到满足numpy要求的版本(来自版本:)找不到numpy的匹配发行版

解析度 :

对于Windows操作系统

  1. 打开->“%appdata%”如果不存在,则创建“ pip”文件夹。
  2. 在pip文件夹中创建“ pip.ini”文件。
  3. 编辑文件并编写
    [global]
    trusted-host = pypi.python.org保存并关闭文件。现在使用pip / visual studio安装,效果很好。

Recently I faced the same issue in python 3.6 with visual studio 2015. After spending 2 days, I got the solution and its working fine for me.

I got below error while try to install numpy using pip or from visual studio Collecting numpy Could not fetch URL https://pypi.python.org/simple/numpy/: There was a problem confirming the ssl certificate: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:748) – skipping Could not find a version that satisfies the requirement numpy (from versions: ) No matching distribution found for numpy

Resolution :

For Windows OS

  1. open -> “%appdata%” Create “pip” folder if not exists.
  2. In pip folder create “pip.ini” file.
  3. Edit file and write
    [global]
    trusted-host = pypi.python.org Save and Close the file. Now install using pip/visual studio it works fine.

回答 25

就我而言,我在最小的高山码头工人镜像中运行Python。它缺少根CA证书。固定:

apk update && apk add ca-certificates

In my case, I was running Python in the minimal alpine docker image. It was missing root CA certificates. Fix:

apk update && apk add ca-certificates


回答 26

瓦尔斯坦回答帮助了我。

我在电脑上的任何地方都找不到pip.ini文件。以下内容也是如此。

  1. 转到AppData文件夹。您可以通过打开命令提示符并键入echo%AppData%来获取appdata文件夹。

或者直接在Windows资源管理器中键入%AppData%。

  1. 在该appdata文件夹内创建一个名为pip的文件夹。

  2. 在您刚创建的pip文件夹中,创建一个名为pip.ini的简单文本文件。

  3. 使用您选择的简单编辑器将以下配置设置粘贴到该文件中。

pip.ini文件:

[list]
format=columns

[global]
trusted-host = pypi.python.org pypi.org

您现在应该可以进行了。

Vaulstein answer helped me.

I did not find the pip.ini file anywhere on my pc. So did the following.

  1. Went to the the AppData folder. You can get the appdata folder by opening up the command prompt and type echo %AppData%

Or simply type %AppData% in windows explorer.

  1. Create a folder called pip inside of that appdata folder.

  2. In that pip folder that you just created, create a simple textfile called pip.ini

  3. Past the following config settings in that file using a simple editor of your choice.

pip.ini file:

[list]
format=columns

[global]
trusted-host = pypi.python.org pypi.org

You should now be good to go.


回答 27

我遇到了类似的问题。对我有用的解决方案1)卸载python 2.7 2)删除python27文件夹3)重新安装最新的python

I faced a similar issue. The solution that worked for me 1) uninstall python 2.7 2) delete python27 folder 3) reinstall the latest python


回答 28

对我而言,建议的方法都无效-使用cert,HTTP,可信主机。

在我的情况下,切换到该程序包的另一个版本是可行的(在此实例中,paho-mqtt 1.3.1代替了paho-mqtt 1.3.0)。

看起来问题是特定于该软件包版本的。

For me none of the suggested methods worked – using cert, HTTP, trusted-host.

In my case switching to a different version of the package worked (paho-mqtt 1.3.1 instead of paho-mqtt 1.3.0 in this instance).

Looks like problem was specific to that package version.


回答 29

如果您的系统中缺少某些证书,则可能会出现此问题。例如,在opensuse上安装ca-certificates-mozilla

You may have this problem if some certificates are missing in your system.eg on opensuse install ca-certificates-mozilla


Mitmproxy-面向渗透测试人员和软件开发人员的交互式TLS拦截HTTP代理

mitmproxy是一个交互式的、支持SSL/TLS的拦截代理,具有HTTP/1、HTTP/2和WebSocket的控制台接口

mitmdump是Mitmproxy的命令行版本。考虑HTTP的tcpdump

mitmweb是Mitmproxy的基于web的界面。

安装

安装说明如下here如果要从源代码安装,请参见CONTRIBUTING.md

文档和帮助

一般信息、教程和预编译的二进制文件可以在Mitmproxy网站上找到

Mitmproxy的文档可在我们的网站上找到:


如果您有关于如何使用Mitmproxy的问题,请在StackOverflow上询问他们!

贡献

作为一个开源项目,Mitmproxy欢迎各种形式的贡献

另外,请随时加入我们的开发者松弛!