Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Does buildout/easy_install/setup_tools verify SSL certificates?

Tags:

easy-install

ssl

ssl-certificate

buildout

sni

I'm trying to diagnose this error:

Getting distribution for 'zc.buildout<2dev'.
Got zc.buildout 1.7.1.
Generated script '/opt/mytardis/releases/a549cd05272afe8f16c2fe5efe8158490acbde82/bin/buildout'.
Download error on http://pypi.python.org/simple/buildout-versions/: [Errno 104] Connection reset by peer -- Some packages may not be found!
Couldn't find index page for 'buildout-versions' (maybe misspelled?)
Download error on http://pypi.python.org/simple/: [Errno 104] Connection reset by peer -- Some packages may not be found!
Getting distribution for 'buildout-versions'.
STDERR: /usr/lib64/python2.6/distutils/dist.py:266: UserWarning: Unknown distribution option: 'src_root'
  warnings.warn(msg)
While:
  Installing.
  Loading extensions.
  Getting distribution for 'buildout-versions'.
Error: Couldn't find a distribution for 'buildout-versions'.

It happens deep inside a Chef + buildout installation stack. One thing I have discovered is that if I attempt to access the buildout-versions package directly:

$ wget https://pypi.python.org/packages/source/b/buildout-versions/buildout-versions-1.7.tar.gz#md5=731ecc0c9029f45826fa9f31d44e311d
--2013-07-09 12:50:18--  https://pypi.python.org/packages/source/b/buildout-versions/buildout-versions-1.7.tar.gz
Resolving proxy.redacted.com... 123.45.67.8
Connecting to proxy.redacted.com|123.45.67.8|:8080... connected.
ERROR: certificate common name “*.a.ssl.fastly.net” doesn’t match requested host name “pypi.python.org”.
To connect to pypi.python.org insecurely, use ‘--no-check-certificate’.

I can access the file fine from my desktop. So I suspect the proxy (provided by a university, and this server has to use it to reach the web). It's set with https_proxy=....

Is this the likely cause of buildout failing? Any way around it?

like image 374
Steve Bennett Avatar asked Dec 04 '22 10:12

Steve Bennett

1 Answers

Your version of wget is too old.

wget started to support SNI (Server Name Indication) only since version 1.14 and that TLS extension is needed to be presented the correct certificate on pypi.python.org.

like image 124
Bruno Rohée Avatar answered Apr 27 '23 21:04

Bruno Rohée
Sign in to Comment

Related questions

Google Charts of SSL
ASIHTTPRequest with SSL failed on iOS 5.0/5.0.1
How to connect to MySQL with X509 using JDBC?
Automate SSL FTP upload via PowerShell
Phpmailer using smtp with Gmail not working - connection timing out
How to config local Jetty ssl to avoid weak phermeral DH key error?
How to extract x509 in python
Git stopped working over SSL on Windows
How to know if an Azure Server is under TLS 1.2
SSL Certificate for multiple servers
javax.net.ssl.SSLException: hostname in certificate didn't match in Android
Java 6 ECDHE Cipher Suite Support
Jetty WebSocketClientSelectorManager - Connection Failed java.io.IOException: Cannot init SSL
MariaDB over SSL not working, "certificate verify failed"
adding AWS public certificate with NGINX
Is it OK to design and test a secure web app without SSL?
Wordpress Update problemDownload failed.: SSL certificate
What version of TLS is used in a .NET application installed on different operating systems
sequelize secure connection for azure mysql
Openssl TLS extension support configuration (Server Name Indication)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!