Can I relink enthought python to new version of openssl on Mac OS X?

Question

This morning, I'm running into SSL related problems using EPD 7.3 on Mac OS X 10.6.8. When I run pip (version 1.3.1), I get:

pip install requests
Downloading/unpacking requests
  Could not fetch URL https://pypi.python.org/simple/requests/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
  Will skip URL https://pypi.python.org/simple/requests/ when looking for download links for requests
  Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
  Will skip URL https://pypi.python.org/simple/ when looking for download links for requests
  Cannot fetch index base URL https://pypi.python.org/simple/
  Could not fetch URL https://pypi.python.org/simple/requests/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
  Will skip URL https://pypi.python.org/simple/requests/ when looking for download links for requests
  Could not find any downloads that satisfy the requirement requests
No distributions at all found for requests

I think I'm running into the problem detailed in https://github.com/pypa/pip/issues/829 and https://groups.google.com/d/msg/python-virtualenv/C_a_IX_8Ejc/83l8XfpUarQJ -- that is, the version of openssl linked to python is too old:

python -c "import ssl; print ssl.OPENSSL_VERSION"

returns

OpenSSL 0.9.7l 28 Sep 2006

My question is whether it's possible for me to get the EPD Mac version of Python to link to a newer version of openssl -- or is this change something Enthought needs to do?

(I just figured out to compile openssl on my Mac (using instructions at http://techscienceinterest.blogspot.com/2010/12/compiling-openssl-on-mac-os-x-snow.html) and use homebrew to build my own Python executable to use a newer version of openssl (http://hackercodex.com/guide/python-virtualenv-on-mac-osx-mountain-lion-10.8/).

Answer 1

Raymond, thanks for the report. EPD's successor, now in late beta, contains OpenSSL 0.9.8r 8 Feb 2011, and does not have this problem. (FWIW, it also contains a recent version of requests, which you were attempting to install when you hit the SSL issue.)

It will be out of beta very soon, but in the meantime I see that you already have a beta invitation if you would like to try it there.

We will also investigate possible fixes or workarounds for EPD 7.3.

Answer 2

I'm finding that with the new SSL-conscious pypi I have to allow-unverified and allow-external for a lot of packages. So for requests, this would be:

pip install --upgrade --force-reinstall --allow-all-external --allow-unverified requests requests