How to get easy_install to ignore certifcate

Question

Our network install is not the best, so I need to tell applications that communicate over ssl to ignore the certificate. Had to do the same this with NPM, etc. So now when I run...

$ easy_install pip
...
Download error on https://pypi.python.org/simple/pip/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) -- Some packages may not be found!

So how do I turn off this validation?

P.S. I know this is a security vector but humor me.

Answer 1

I believe your easy_install ultimately goes to setuptools, which has its SSL helper. On my Linux it was at /usr/lib/python2.7/site-packages/setuptools/ssl_support.py. There are 2 ways from there basically:

1. I would recommend obtaining the certificate and manually adding it, you will find the locations inside the ssl_support.py. These lines caught my attention:

   cert_paths = """
   /etc/pki/tls/certs/ca-bundle.crt
   /etc/ssl/certs/ca-certificates.crt
   /usr/share/ssl/certs/ca-bundle.crt
   /usr/local/share/certs/ca-root.crt
   /etc/ssl/cert.pem
   /System/Library/OpenSSL/certs/cert.pem
   """.strip().split()
   

   Just append your certificate to any of them. See here how to obtain a certifiate using openssl s_client: Using openssl to get the certificate from a server

2. Taking the humoring a bit further, you can completely disable SSL verification in your setuptools helper. The following lines in ssl_support.py caught my attention:

   try:
     import ssl
   except ImportError:
     ssl = None
   

   I just added ssl = None after, so that:

   try:
     import ssl
   except ImportError:
     ssl = None
   
   ssl = None