Python 3.6.1 BREW安装:[SSL:证书验证失败]证书验证失败

30byixjq  于 2022-11-14  发布在  Python
关注(0)|答案(6)|浏览(220)

我安装python 3.6时使用的是
brew install python3
并尝试从https下载six.moves.urllib.request.urlretrieve的文件,但它抛出错误
ssl.SSLError:[SSL:证书验证失败]证书验证失败(_ssl.c:749)
在Python安装(从.pkg)中,自述文件指出需要在安装to之后运行Install Certificates.command
1.安装certifi
1.将证书路径符号链接到certify路径
才能使用证书。
但是,在brew install中,此文件不存在,似乎也没有运行。

dl5txlt9

dl5txlt91#

似乎由于某种原因,Brew没有运行Mac版Python3软件包中的Install Certificates.command。此问题的解决方案是在brew install python3之后运行以下脚本(从Install Certificates.command复制):

# install_certifi.py
#
# sample script to install or update a set of default Root Certificates
# for the ssl module.  Uses the certificates provided by the certifi package:
#       https://pypi.python.org/pypi/certifi

import os
import os.path
import ssl
import stat
import subprocess
import sys

STAT_0o775 = ( stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR
             | stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP
             | stat.S_IROTH |                stat.S_IXOTH )

def main():
    openssl_dir, openssl_cafile = os.path.split(
        ssl.get_default_verify_paths().openssl_cafile)

    print(" -- pip install --upgrade certifi")
    subprocess.check_call([sys.executable,
        "-E", "-s", "-m", "pip", "install", "--upgrade", "certifi"])

    import certifi

    # change working directory to the default SSL directory
    os.chdir(openssl_dir)
    relpath_to_certifi_cafile = os.path.relpath(certifi.where())
    print(" -- removing any existing file or link")
    try:
        os.remove(openssl_cafile)
    except FileNotFoundError:
        pass
    print(" -- creating symlink to certifi certificate bundle")
    os.symlink(relpath_to_certifi_cafile, openssl_cafile)
    print(" -- setting permissions")
    os.chmod(openssl_cafile, STAT_0o775)
    print(" -- update complete")

if __name__ == '__main__':
    main()
lmvvr0a8

lmvvr0a82#

我的Mac OS X解决方案:
1)使用从Python语言官方网站https://www.python.org/downloads/下载的原生应用程序Python安装程序升级到Python 3.6.5
我发现这个安装程序在更新新Python的链接和符号链接方面比自制的好得多。
2)使用更新后的Python 3.6目录中的.“/Install Certificates.command”安装新证书
安装证书命令”

n6lpvg4x

n6lpvg4x3#

  • 查找默认cafile:
python -c 'import ssl; print(ssl.get_default_verify_paths().openssl_cafile)'

/应用程序Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.7/etc/ssl/cert.pem

sudo mkdir -p /Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.7/etc/ssl/certs
  • 找出certifi的ca文件
python -c 'import certifi; print(certifi.where())'

'/usr/local/lib/python3.7/站点软件包/证书/认证证书.pem'

  • 复制到
sudo cp /usr/local/lib/python3.7/site-packages/certifi/cacert.pem
/Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.7/etc/ssl/certs/cert.pem
hc2pp10m

hc2pp10m4#

以下操作将暂时禁用SSL检查,

import ssl
ssl._create_default_https_context = ssl._create_unverified_context
eoigrqb6

eoigrqb65#

如果你需要让你的本地根证书(例如local_RootCA.crt)成为python信任的证书,你可以把它添加到certifi/cacert.pem文件的末尾:

cat local_RootCA.crt >> `python -c 'import certifi; print(certifi.where())'`

这个解决方案也适用于macos brew python 3的安装。

tzxcd3kk

tzxcd3kk6#

将SSL_CERT_FILE环境变量定位到ca文件也可以工作,并且它不是侵入性的。

相关问题