Code
2023-06-21 05:00:20

pip install failed with "connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)"

我对Python非常陌生,并试图在Windows 7上安装链接检查器。一些注意事项:

pip install is failing no matter the package. For example, > pip install scrapy also results in the SSL error. Vanilla install of Python 3.4.1 included pip 1.5.6. The first thing I tried to do was install linkchecker. Python 2.7 was already installed, it came with ArcGIS. python and pip were not available from the command line until I installed 3.4.1. > pip search linkchecker works. Perhaps that is because pip search does not verify the site's SSL certificate. I am in a company network but we do not go through a proxy to reach the Internet. Each company computer (including mine) has a Trusted Root Certificate Authority that is used for various reasons including enabling monitoring TLS traffic to https://google.com. Not sure if that has anything to do with it.

下面是运行pip install linkchecker后我的pip.log的内容:

Downloading/unpacking linkchecker
  Getting page https://pypi.python.org/simple/linkchecker/
  Could not fetch URL https://pypi.python.org/simple/linkchecker/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/linkchecker/ when looking for download links for linkchecker
  Getting page https://pypi.python.org/simple/
  Could not fetch URL https://pypi.python.org/simple/: connection error: HTTPSConnectionPool(host='pypi.python.org', port=443): Max retries exceeded with url: /simple/ (Caused by <class 'http.client.CannotSendRequest'>: Request-sent)
  Will skip URL https://pypi.python.org/simple/ when looking for download links for linkchecker
  Cannot fetch index base URL https://pypi.python.org/simple/
  URLs to search for versions for linkchecker:
  * https://pypi.python.org/simple/linkchecker/
  Getting page https://pypi.python.org/simple/linkchecker/
  Could not fetch URL https://pypi.python.org/simple/linkchecker/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/linkchecker/ when looking for download links for linkchecker
  Could not find any downloads that satisfy the requirement linkchecker
Cleaning up...
  Removing temporary dir C:\Users\jcook\AppData\Local\Temp\pip_build_jcook...
No distributions at all found for linkchecker
Exception information:
Traceback (most recent call last):
  File "C:\Python34\lib\site-packages\pip\basecommand.py", line 122, in main
    status = self.run(options, args)
  File "C:\Python34\lib\site-packages\pip\commands\install.py", line 278, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "C:\Python34\lib\site-packages\pip\req.py", line 1177, in prepare_files
    url = finder.find_requirement(req_to_install, upgrade=self.upgrade)
  File "C:\Python34\lib\site-packages\pip\index.py", line 277, in find_requirement
    raise DistributionNotFound('No distributions at all found for %s' % req)
pip.exceptions.DistributionNotFound: No distributions at all found for linkchecker

当前回答

您可以通过以下方法解决CERTIFICATE_VERIFY_FAILED问题:

Use HTTP instead of HTTPS (e.g. --index-url=http://pypi.python.org/simple/). Use --cert <trusted.pem> or CA_BUNDLE variable to specify alternative CA bundle. E.g. you can go to failing URL from web-browser and import root certificate into your system. Run python -c "import ssl; print(ssl.get_default_verify_paths())" to check the current one (validate if exists). OpenSSL has a pair of environments (SSL_CERT_DIR, SSL_CERT_FILE) which can be used to specify different certificate databasePEP-476. Use --trusted-host <hostname> to mark the host as trusted. In Python use verify=False for requests.get (see: SSL Cert Verification). Use --proxy <proxy> to avoid certificate checks.

阅读更多:TLS/SSL包装套接字对象-验证证书。

2016-08-24 13:30:40

其他回答

对我来说,所有建议的方法都不起作用——使用cert、HTTP、trusted-host。

在我的例子中,切换到不同版本的包是可行的(在本例中是paho-mqtt 1.3.1,而不是paho-mqtt 1.3.0)。

看来问题只针对那个版本。

2017-10-13 18:28:16

我最近遇到了这个问题,因为我公司的网页内容过滤器使用自己的证书颁发机构,以便它可以过滤SSL流量。在我的情况下,PIP似乎没有使用系统的CA证书,产生了您提到的错误。后来,将PIP降级到1.2.1版本也出现了一系列问题,所以我回到了Python 3.4附带的原始版本。

我的解决方法非常简单:使用easy_install。要么它不检查certs(就像旧的PIP版本一样),要么它知道使用系统certs,因为它每次都对我有效,我仍然可以使用PIP卸载安装在easy_install中的包。

如果这不起作用,并且您可以访问没有问题的网络或计算机,您总是可以设置自己的个人PyPI服务器:如何在没有镜像的情况下创建本地自己的PyPI存储库索引?

在尝试使用easy_install作为最后的努力之前,我几乎是这样做的。

2014-12-23 15:17:53

如果您的系统中缺少某些证书,则可能会遇到此问题。在opensuse上安装ca-certificates-mozilla

2018-03-19 20:32:27

这单子上的东西我都试过了!没有一个成功。 我意识到我的连接不稳定,所以我把调制解调器的电源插了一分钟 解决了我的问题:)

2021-07-18 13:42:27

我发现最直接的方法是下载和使用“DigiCert高保证EV根CA”从DigiCert https://www.digicert.com/digicert-root-certificates.htm#roots

您可以访问https://pypi.python.org/,通过点击地址栏中的锁图标来验证证书颁发者,或者通过使用openssl来增加您的极客信用:

$ openssl s_client -connect pypi.python.org:443
CONNECTED(00000003)
depth=1 /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/businessCategory=Private Organization/1.3.6.1.4.1.311.60.2.1.3=US/1.3.6.1.4.1.311.60.2.1.2=Delaware/serialNumber=3359300/street=16 Allen Rd/postalCode=03894-4801/C=US/ST=NH/L=Wolfeboro,/O=Python Software Foundation/CN=www.python.org
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
 1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2 Extended Validation Server CA
   i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High Assurance EV Root CA

证书链中的最后一个CN值为需要下载的CA的名称。

为了一次性的努力,请执行以下操作:

从DigiCert下载对照表 将CRT转换为PEM格式 2 .将PIP_CERT环境变量导出到PEM文件所在路径下

(最后一行假设您正在使用bash shell),然后运行pip。

curl -sO http://cacerts.digicert.com/DigiCertHighAssuranceEVRootCA.crt 
openssl x509 -inform DES -in DigiCertHighAssuranceEVRootCA.crt -out DigiCertHighAssuranceEVRootCA.pem -text
export PIP_CERT=`pwd`/DigiCertHighAssuranceEVRootCA.pem

要使其可重用,请放入digicerthighassurance anceevrootca。然后在~/.bashrc中导出相应的PIP_CERT。

2015-02-25 16:53:57

推荐文章

aliyun

最新文章

标签

2024 code 京ICP备15047053号-1