SSL:macOS 10.15上的python3出现CERTIFICATE_VERIFY_FAILED错误 [英] SSL: CERTIFICATE_VERIFY_FAILED error with python3 on macOS 10.15
问题描述
/usr/bin/python3(当前为DB6/PB5,具有Xcode 11 beta 6)均失败,并出现SSL: CERTIFICATE_VERIFY_FAILED的错误.来自urllib.request:
/usr/bin/python3 from Xcode/CLT on macOS 10.15 (DB6/PB5 at the moment, with Xcode 11 beta 6) fails with SSL: CERTIFICATE_VERIFY_FAILED for all HTTPS requests originating from PSL, e.g. from urllib.request:
$ /usr/bin/python3 -c 'import urllib.request; urllib.request.urlopen("https://www.apple.com/")'
...
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)>
如何解决这个问题?
(我知道答案,很快就会发布;只是在其他人遇到的情况下分享它即可.)
(I know the answer, will post shortly; just sharing it in case other people run into it.)
推荐答案
问题是/usr/bin/python3(来自Xcode或CLT)无法正确定位/etc/ssl中的信任存储,正如我们使用
The problem is that /usr/bin/python3 (from either Xcode or CLT) fails to correctly locate the trust store in /etc/ssl, as we can see using ssl.get_default_verify_paths():
$ /usr/bin/python3 -c 'import ssl; print(ssl.get_default_verify_paths())'
DefaultVerifyPaths(cafile=None, capath=None, openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.7/etc/ssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.7/etc/ssl/certs')
正在调查不存在的/Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.7/etc/ssl.
知道了这一点,我们可以使用以下技巧:
Knowing this, we can use the following hack:
$ sudo rsync -avzP /etc/ssl/ /Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.7/etc/ssl/
我已经向Apple提交了一个错误报告(顺便说一句,刚刚意识到bugreport.apple.com现在不见了,我不得不使用Feedback Assistant网站).打开雷达 https://openradar.appspot.com/7111585 (不幸的是,该雷达号是错误的,因为有错误报告.apple.com不见了,我不再有雷达编号,只有一个反馈编号FB7111585).
I've submitted a bug report to Apple (btw, just realized bugreport.apple.com is now gone, and I had to use the Feedback Assistant website). Open radar https://openradar.appspot.com/7111585 (that radar number is unfortunately wrong — since bugreport.apple.com is gone, I don't have a radar number anymore, only a feedback number FB7111585).
这篇关于SSL:macOS 10.15上的python3出现CERTIFICATE_VERIFY_FAILED错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
