pip:证书失败，但 curl 有效 [英] pip: cert failed, but curl works

查看：21 发布时间：2021/12/14 14:33:09 python curl ssl pip

本文介绍了pip:证书失败，但 curl 有效的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我们在客户端安装了我们的根证书，并且 https 连接适用于 curl.

We installed the our root cert on the client, and the https connection works for curl.

但是如果我们尝试使用 pip，它会失败:

But if we try to use pip, it fails:

Could not fetch URL https://installserver:40443/pypi/simple/pep8/:
There was a problem confirming the ssl certificate: 
<urlopen error [Errno 1] _ssl.c:499: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>

证书在客户端上.见:

(foo_fm_qti)foo_fm_qti@vis-work:~$ curl -v https://installserver:40443/pypi/simple/pep8/
* About to connect() to installserver port 40443 (#0)
*   Trying 127.0.0.1... connected
* Connected to installserver (127.0.0.1) port 40443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs/
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS alert, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*    subject: C=DE; ST=Sachsen; L=Chemnitz; O=FOO-COM GmbH; OU=DV; CN=gray.foo-com.lan; emailAddress=info@foo-com.de
*    start date: 2013-09-09 10:47:50 GMT
*    expire date: 2019-05-24 10:47:50 GMT
*    subjectAltName: installserver matched
*    issuer: C=DE; ST=Sachsen; L=Chemnitz; O=FOO-COM GmbH; CN=FOO-COM Root CA; emailAddress=info@foo-com.de
*    SSL certificate verify ok.
> GET /pypi/simple/pep8/ HTTP/1.1

版本:pip 1.4.1

Version: pip 1.4.1

推荐答案

不幸的是 pip 不使用系统证书，但 curl 使用.

Unfortunately pip does not use the system certs, but curl does.

我找到了一个解决方案:

I found a solution:

pip --cert /etc/ssl/certs/FOO_Root_CA.pem install pep8

这不太好(curl 和其他库在不添加参数的情况下找到证书)但有效.

This is not nice (curl and other libraries find the cert without adding a parameter) but works.

如果不想使用命令行参数，可以在~/.pip/pip.conf中设置证书:

If you don't want to use the command line argument, you can set the cert in ~/.pip/pip.conf:

[global]
cert = /etc/ssl/certs/Foo_Root_CA.pem

这篇关于pip:证书失败，但 curl 有效的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

pip:证书失败，但 curl 有效 [英] pip: cert failed, but curl works

问题描述

推荐答案

相关文章

Python最新文章

热门教程

热门工具

登录关闭

pip:证书失败，但 curl 有效 [英] pip: cert failed, but curl works

问题描述

推荐答案

相关文章

Python最新文章

热门教程

热门工具

登录 关闭

登录关闭