Our network install is not the best, so I need to tell applications that communicate over SSL to ignore the certificate. Had to do the same thing with NPM, etc. So now when I run...
$ easy_install pip
...
Download error on https://pypi.python.org/simple/pip/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) -- Some packages may not be found!
So how do I turn off this validation?
P.S. I know this is a security vector but humor me.
To bypass SSL certificate validation for local and test servers, you can pass the -k or --insecure option to the Curl command. This option explicitly tells Curl to perform "insecure" SSL connections and file transfers. Curl will ignore any security warnings about an invalid SSL certificate and accept it as valid.
If there is a problem with confirming the SSL certificate of a repository, you can pass its host with --trusted-host, which makes pip ignore the SSL certificate check for this repository.
New in version 1.3. By default, pip will perform SSL certificate verification for network connections it makes over HTTPS. These serve to prevent man-in-the-middle attacks against package downloads. This does not use the system certificate store but, instead, uses a bundled CA certificate store from certifi.
I believe your easy_install ultimately goes to setuptools, which has its SSL helper. On my Linux it was at /usr/lib/python2.7/site-packages/setuptools/ssl_support.py. There are 2 ways from there basically:
I would recommend obtaining the certificate and manually adding it; you will find the locations inside ssl_support.py. These lines caught my attention:
cert_paths = """
/etc/pki/tls/certs/ca-bundle.crt
/etc/ssl/certs/ca-certificates.crt
/usr/share/ssl/certs/ca-bundle.crt
/usr/local/share/certs/ca-root.crt
/etc/ssl/cert.pem
/System/Library/OpenSSL/certs/cert.pem
""".strip().split()
Just append your certificate to any of them. See here how to obtain a certificate using openssl s_client: Using openssl to get the certificate from a server
Taking the humoring a bit further, you can completely disable SSL verification in your setuptools helper. The following lines in ssl_support.py caught my attention:
try:
    import ssl
except ImportError:
    ssl = None
I just added ssl = None after, so that:
try:
    import ssl
except ImportError:
    ssl = None
ssl = None
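An added example (not from the answer above, and not pip's or setuptools' own code): instead of appending to a system bundle or setting ssl = None, it builds a private merged CA bundle and a client context that still verifies certificates. The function names and the sample PEM blocks are constructed placeholders; in practice the inputs would be a real bundle from cert_paths and the real CA certificate of the intercepting proxy.

```python
import base64
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.+?)\s+-----END CERTIFICATE-----", re.S)


def pem_certs(text):
    """Return the PEM certificate blocks found in text, normalized."""
    if "PRIVATE KEY-----" in text:
        raise ValueError("refusing input that contains a private key")
    blocks = []
    for body in PEM_BLOCK.findall(text):
        # validate=True rejects bodies that are not clean base64
        raw = base64.b64decode("".join(body.split()), validate=True)
        b64 = base64.b64encode(raw).decode()
        lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
        blocks.append("\n".join(
            ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]))
    return blocks


def merge_bundle(base_text, extra_text):
    """Merge extra CA certs into a copy of a bundle, skipping duplicates."""
    extra = pem_certs(extra_text)
    if not extra:
        raise ValueError("no PEM certificate found in extra input")
    merged = list(dict.fromkeys(pem_certs(base_text) + extra))
    return "\n".join(merged) + "\n"


def verifying_context(cafile=None):
    """Client context with verification on; cafile adds trust anchors."""
    ctx = ssl.create_default_context()
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    return ctx


def _fake_pem(label):
    # Constructed placeholder, not a real certificate: it exercises the merge
    # logic only, and load_verify_locations() would reject it.
    body = base64.b64encode(label.encode()).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


SYSTEM_SAMPLE = _fake_pem("constructed public root A")
PROXY_SAMPLE = _fake_pem("constructed corporate proxy root")
```

The merged text, written to a file of your own, can be given to pip with its --cert option, which keeps verification on while trusting the extra CA.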