CODEWITHSUNDEEP
pythoneasy-install
Jackie
Jackie

Reputation: 23509

How to get easy_install to ignore certifcate

Our network install is not the best, so I need to tell applications that communicate over ssl to ignore the certificate. Had to do the same this with NPM, etc. So now when I run...

$ easy_install pip
...
Download error on https://pypi.python.org/simple/pip/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) -- Some packages may not be found!

So how do I turn off this validation?

P.S. I know this is a security vector but humor me.

Upvotes: 9

Views: 12265

Answers (1)

borancar
borancar

Reputation: 1189

I believe your easy_install ultimately goes to setuptools, which has its SSL helper. On my Linux it was at /usr/lib/python2.7/site-packages/setuptools/ssl_support.py. There are 2 ways from there basically:

  1. I would recommend obtaining the certificate and manually adding it, you will find the locations inside the ssl_support.py. These lines caught my attention:

    cert_paths = """
/etc/pki/tls/certs/ca-bundle.crt
/etc/ssl/certs/ca-certificates.crt
/usr/share/ssl/certs/ca-bundle.crt
/usr/local/share/certs/ca-root.crt
/etc/ssl/cert.pem
/System/Library/OpenSSL/certs/cert.pem
""".strip().split()

    Just append your certificate to any of them. See here how to obtain a certifiate using openssl s_client: Using openssl to get the certificate from a server

  2. Taking the humoring a bit further, you can completely disable SSL verification in your setuptools helper. The following lines in ssl_support.py caught my attention:

    try:
  import ssl
except ImportError:
  ssl = None

    I just added ssl = None after, so that:

    try:
  import ssl
except ImportError:
  ssl = None

ssl = None

Upvotes: 10

Related Questions