我们在客户端安装了我们的根证书,并且 https 连接适用于 curl。
但是如果我们尝试使用 pip,它会失败:
Could not fetch URL https://installserver:40443/pypi/simple/pep8/:
There was a problem confirming the ssl certificate:
<urlopen error [Errno 1] _ssl.c:499: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
证书在客户端。见:
(foo_fm_qti)foo_fm_qti@vis-work:~$ curl -v https://installserver:40443/pypi/simple/pep8/
* About to connect() to installserver port 40443 (#0)
* Trying 127.0.0.1... connected
* Connected to installserver (127.0.0.1) port 40443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs/
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
* subject: C=DE; ST=Sachsen; L=Chemnitz; O=FOO-COM GmbH; OU=DV; CN=gray.foo-com.lan; emailAddress=info@foo-com.de
* start date: 2013-09-09 10:47:50 GMT
* expire date: 2019-05-24 10:47:50 GMT
* subjectAltName: installserver matched
* issuer: C=DE; ST=Sachsen; L=Chemnitz; O=FOO-COM GmbH; CN=FOO-COM Root CA; emailAddress=info@foo-com.de
* SSL certificate verify ok.
> GET /pypi/simple/pep8/ HTTP/1.1
版本:pip 1.4.1
最佳答案
不幸的是,pip 不使用系统证书,但 curl 可以。
我找到了一个解决方案:
pip --cert /etc/ssl/certs/FOO_Root_CA.pem install pep8
这不是很好(curl 和其他库在不添加参数的情况下找到证书)但有效。
如果你不想使用命令行参数,你可以在 ~/.pip/pip.conf 中设置证书:
[global]
cert = /etc/ssl/certs/Foo_Root_CA.pem
关于python - pip:证书失败,但 curl 有效,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/18273015/