[Chicago] Is pypi.python.org really running with a self-signed cert?

Robare, Phillip (Randstant) proba at allstate.com
Fri Mar 6 21:10:04 CET 2015 

I have found that the problem is that Cygwin does not come with any certificates.  curl and wget are looking for them in the Cygwin directory /usr/ssl which holds a link to an empty certificate bundle.  StackOverflow has a discussion at http://stackoverflow.com/questions/9224298/how-do-i-fix-certificate-errors-when-running-wget-on-an-https-url-in-cygwin.  Unfortunately the suggestions there did not work for me, probably because of a lack of administrative privs on this machine.  There is a script at https://github.com/bagder/curl/blob/master/lib/firefox-db2pem.sh that will take the certificates out of Firefox and put them into a bundle, and said bundle is supposed to work with curl.  Another option is that OpenSSL on their page http://curl.haxx.se/docs/caextract.html offers a cert bundle that can retrieved through the web browser.  That last is what I will probably do although trusting stuff downloaded without even a verification hash seems wrong.  Although not as wrong as turning off certificate checking in curl.

Phil Robare
probare at rcnchicago.com
===========================================

On : Friday, March 06, 2015 at 1:40 PM, William Clemens < wesclemens at gmail.com > wrote:

Are you behind a proxy? I was able to curl the file without issue.

===========================================
On Thu, Mar 5, 2015 at 9:58 PM, Adam Bain <bainada.iit at gmail.com> wrote:
Definitely not self-signed, on my browser its signed by DigiCert. SHA256 fingerprint beginning with 9f249e91. Not really sure whats causing your error, do you maybe need to tell curl about which root certs to trust?

===========================================
On Thu, Mar 5, 2015, 9:16 PM Robare, Phillip  <proba at allstate.com> wrote:
I was trying to get my environment set up on a new work computer (Cygwin with cygwin's python 2.7 under Windows) so I downloaded and ran ez_setup.py.  It errored on a line where it calls curl to download setuptools
...
Does anyone else have a problem with pypi's certificate?  Or a work-around for getting ez_install to run?

Thanks,

Phil Robare

More information about the Chicago mailing list