Brew 3.6.1的Brew安装:[SSL:CERTIFICATE_VERIFY_FAILED]证书验证失败

时间:2017-06-20 09:42:48

标签: python ssl

我使用

安装了python 3.6

brew install python3

并尝试从https下载six.moves.urllib.request.urlretrieve的文件,但会引发错误

  

ssl.SSLError:[SSL:CERTIFICATE_VERIFY_FAILED]证书验证失败(_ssl.c:749)

在Python安装中(来自.pkg),README表示在安装to之后需要运行Install Certificates.command

  1. 安装certifi
  2. 符号链接到certify路径
  3. 的证书路径

    能够使用证书。

    但是,在brew安装中,此文件不存在,似乎无法运行。

4 个答案:

答案 0 :(得分:17)

似乎由于某种原因,Brew没有运行Mac3的Python3包中的Install Certificates.command。此问题的解决方案是在Install Certificates.command之后运行以下脚本(从brew install python3复制):

# install_certifi.py
#
# sample script to install or update a set of default Root Certificates
# for the ssl module.  Uses the certificates provided by the certifi package:
#       https://pypi.python.org/pypi/certifi

import os
import os.path
import ssl
import stat
import subprocess
import sys

STAT_0o775 = ( stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR
             | stat.S_IRGRP | stat.S_IWGRP | stat.S_IXGRP
             | stat.S_IROTH |                stat.S_IXOTH )


def main():
    openssl_dir, openssl_cafile = os.path.split(
        ssl.get_default_verify_paths().openssl_cafile)

    print(" -- pip install --upgrade certifi")
    subprocess.check_call([sys.executable,
        "-E", "-s", "-m", "pip", "install", "--upgrade", "certifi"])

    import certifi

    # change working directory to the default SSL directory
    os.chdir(openssl_dir)
    relpath_to_certifi_cafile = os.path.relpath(certifi.where())
    print(" -- removing any existing file or link")
    try:
        os.remove(openssl_cafile)
    except FileNotFoundError:
        pass
    print(" -- creating symlink to certifi certificate bundle")
    os.symlink(relpath_to_certifi_cafile, openssl_cafile)
    print(" -- setting permissions")
    os.chmod(openssl_cafile, STAT_0o775)
    print(" -- update complete")

if __name__ == '__main__':
    main()

答案 1 :(得分:9)

  • 找出默认的cafile:
python -c 'import ssl; print(ssl.get_default_verify_paths().openssl_cafile)'

/Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.7/etc/ssl/cert.pem

sudo mkdir -p /Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.7/etc/ssl/certs
  • 找出certifi的ca文件
python -c 'import certifi; print(certifi.where())'

'/ usr / local / lib / python3.7 / site-packages / certifi / cacert.pem'

  • 复制到
sudo cp /usr/local/lib/python3.7/site-packages/certifi/cacert.pem
/Applications/Xcode.app/Contents/Developer/Library/Frameworks/Python3.framework/Versions/3.7/etc/ssl/certs/cert.pem

答案 2 :(得分:5)

我的Mac OS X解决方案:

1)使用从官方Python语言网站https://www.python.org/downloads/下载的本机应用程序Python安装程序升级到Python 3.6.5

我发现这个安装程序比自制软件更好地更新新Python的链接和符号链接。

2)使用" ./安装Certificates.command"安装新证书。它位于刷新的Python 3.6目录中

  

cd" / Applications / Python 3.6 /"   sudo" ./安装Certificates.command"

答案 3 :(得分:4)

对于临时操作,以下操作将禁用ssl检查,

import ssl
ssl._create_default_https_context = ssl._create_unverified_context