[Chicago] Is pypi.python.org really running with a self-signed cert?
Robare, Phillip (Randstant)
proba at allstate.com
Fri Mar 6 21:10:04 CET 2015
I have found that the problem is that Cygwin does not come with any certificates. curl and wget are looking for them in the Cygwin directory /usr/ssl which holds a link to an empty certificate bundle. StackOverflow has a discussion at http://stackoverflow.com/questions/9224298/how-do-i-fix-certificate-errors-when-running-wget-on-an-https-url-in-cygwin. Unfortunately the suggestions there did not work for me, probably because of a lack of administrative privs on this machine. There is a script at https://github.com/bagder/curl/blob/master/lib/firefox-db2pem.sh that will take the certificates out of Firefox and put them into a bundle, and said bundle is supposed to work with curl. Another option is that OpenSSL on their page http://curl.haxx.se/docs/caextract.html offers a cert bundle that can retrieved through the web browser. That last is what I will probably do although trusting stuff downloaded without even a verification hash seems wrong. Although not as wrong as turning off certificate checking in curl.
Phil Robare
probare at rcnchicago.com
===========================================
On : Friday, March 06, 2015 at 1:40 PM, William Clemens < wesclemens at gmail.com > wrote:
Are you behind a proxy? I was able to curl the file without issue.
===========================================
On Thu, Mar 5, 2015 at 9:58 PM, Adam Bain <bainada.iit at gmail.com> wrote:
Definitely not self-signed, on my browser its signed by DigiCert. SHA256 fingerprint beginning with 9f249e91. Not really sure whats causing your error, do you maybe need to tell curl about which root certs to trust?
===========================================
On Thu, Mar 5, 2015, 9:16 PM Robare, Phillip <proba at allstate.com> wrote:
I was trying to get my environment set up on a new work computer (Cygwin with cygwin's python 2.7 under Windows) so I downloaded and ran ez_setup.py. It errored on a line where it calls curl to download setuptools
...
Does anyone else have a problem with pypi's certificate? Or a work-around for getting ez_install to run?
Thanks,
Phil Robare
More information about the Chicago
mailing list