buildout / easy_install / setup_tools验证SSL证书吗?

时间:2013-07-09 03:05:54

标签: ssl ssl-certificate easy-install buildout sni

我正在尝试诊断此错误:

Getting distribution for 'zc.buildout<2dev'.
Got zc.buildout 1.7.1.
Generated script '/opt/mytardis/releases/a549cd05272afe8f16c2fe5efe8158490acbde82/bin/buildout'.
Download error on http://pypi.python.org/simple/buildout-versions/: [Errno 104] Connection reset by peer -- Some packages may not be found!
Couldn't find index page for 'buildout-versions' (maybe misspelled?)
Download error on http://pypi.python.org/simple/: [Errno 104] Connection reset by peer -- Some packages may not be found!
Getting distribution for 'buildout-versions'.
STDERR: /usr/lib64/python2.6/distutils/dist.py:266: UserWarning: Unknown distribution option: 'src_root'
  warnings.warn(msg)
While:
  Installing.
  Loading extensions.
  Getting distribution for 'buildout-versions'.
Error: Couldn't find a distribution for 'buildout-versions'.

它发生在Chef + buildout安装堆栈的深处。我发现的一件事是,如果我尝试直接访问buildout-versions包:

$ wget https://pypi.python.org/packages/source/b/buildout-versions/buildout-versions-1.7.tar.gz#md5=731ecc0c9029f45826fa9f31d44e311d
--2013-07-09 12:50:18--  https://pypi.python.org/packages/source/b/buildout-versions/buildout-versions-1.7.tar.gz
Resolving proxy.redacted.com... 123.45.67.8
Connecting to proxy.redacted.com|123.45.67.8|:8080... connected.
ERROR: certificate common name “*.a.ssl.fastly.net” doesn’t match requested host name “pypi.python.org”.
To connect to pypi.python.org insecurely, use ‘--no-check-certificate’.

我可以从桌面访问该文件。因此我怀疑代理(由大学提供,此服务器必须使用它来访问网络)。它设置为https_proxy=...

这可能是构建失败的原因吗?有什么方法吗?

4 个答案:

答案 0 :(得分:11)

你的wget版本太旧了。

wget从版本1.14开始仅支持SNI(Server Name Indication),并且需要在pypi.python.org上提供正确的证书才能提供TLS扩展。

答案 1 :(得分:4)

是的,zc.buildouteasy_install都使用urllib2来检索HTTPS资源which does not verify SSL certificates

  

警告:HTTPS请求不会对服务器的证书进行任何验证。

您的wget工具确实验证了证书,但您的本地证书颁发机构证书似乎不完整;有关如何更新这些内容的说明,请参阅SSL certificate rejected trying to access GitHub over HTTPS behind firewall

至于您的原始错误,您的防火墙代理正在进行对等重置。

根据PEP 476,Python 2.7.9可以解决这种情况。从该版本开始,urllib2将默认验证SSL证书。

答案 2 :(得分:1)

自Python 2.7.9(已发布)/ 3.4.3(即将发布)以来,默认情况下验证证书:

  

使用系统证书存储的HTTPS证书验证是   现在默认启用。有关详细信息,请参阅PEP 476.

https://www.python.org/downloads/release/python-279/

答案 3 :(得分:0)

你可以尝试一下:

wget http://pypi.python.org/packages/2.7/s/setuptools/setuptools-0.6c11-py2.7.egg#md5=fe1f997bc722265116870bc7919059ea --no-check-certificate
相关问题
最新问题