pip install fails with "SSL certificate verification failed: self-signed certificate in certificate chain"

Question  Votes: 0  Answers: 1

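I am behind a corporate proxy with a self-signed certificate, and I want to install tensorstore via pip. pip apparently downloads and runs a Python script, bazelisk.py, which in turn uses urllib to fetch more content from the internet. However, this fails with a CERTIFICATE_VERIFY_FAILED error message: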

$ pip install --trusted-host=example.com --index-url=http://example.com/pypi/simple
...
  Downloading https://releases.bazel.build/6.4.0/release/bazel-6.4.0-linux-arm64...
  Traceback (most recent call last):
    File "/home/user/anaconda3/envs/PyTorch-1.11.0/lib/python3.9/urllib/request.py", line 1346, in do_open
      h.request(req.get_method(), req.selector, req.data, headers,
    File "/home/user/anaconda3/envs/PyTorch-1.11.0/lib/python3.9/http/client.py", line 1285, in request
      self._send_request(method, url, body, headers, encode_chunked)
    File "/home/user/anaconda3/envs/PyTorch-1.11.0/lib/python3.9/http/client.py", line 1331, in _send_request
      self.endheaders(body, encode_chunked=encode_chunked)
    File "/home/user/anaconda3/envs/PyTorch-1.11.0/lib/python3.9/http/client.py", line 1280, in endheaders
      self._send_output(message_body, encode_chunked=encode_chunked)
    File "/home/user/anaconda3/envs/PyTorch-1.11.0/lib/python3.9/http/client.py", line 1040, in _send_output
      self.send(msg)
    File "/home/user/anaconda3/envs/PyTorch-1.11.0/lib/python3.9/http/client.py", line 980, in send
      self.connect()
    File "/home/user/anaconda3/envs/PyTorch-1.11.0/lib/python3.9/http/client.py", line 1454, in connect
      self.sock = self._context.wrap_socket(self.sock,
    File "/home/user/anaconda3/envs/PyTorch-1.11.0/lib/python3.9/ssl.py", line 500, in wrap_socket
      return self.sslsocket_class._create(
    File "/home/user/anaconda3/envs/PyTorch-1.11.0/lib/python3.9/ssl.py", line 1040, in _create
      self.do_handshake()
    File "/home/user/anaconda3/envs/PyTorch-1.11.0/lib/python3.9/ssl.py", line 1309, in do_handshake
      self._sslobj.do_handshake()
  ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1129)

  During handling of the above exception, another exception occurred:

  Traceback (most recent call last):
    File "/tmp/pip-install-ycop_psv/tensorstore_1008eee73d464825b2e191c044b9e306/bazelisk.py", line 492, in <module>
      sys.exit(main())
    File "/tmp/pip-install-ycop_psv/tensorstore_1008eee73d464825b2e191c044b9e306/bazelisk.py", line 477, in main
      bazel_path = get_bazel_path()
    File "/tmp/pip-install-ycop_psv/tensorstore_1008eee73d464825b2e191c044b9e306/bazelisk.py", line 470, in get_bazel_path
      return download_bazel_into_directory(bazel_version, is_commit, bazel_directory)
    File "/tmp/pip-install-ycop_psv/tensorstore_1008eee73d464825b2e191c044b9e306/bazelisk.py", line 304, in download_bazel_into_directory
      download(bazel_url, destination_path)
    File "/tmp/pip-install-ycop_psv/tensorstore_1008eee73d464825b2e191c044b9e306/bazelisk.py", line 353, in download
      with closing(urlopen(request)) as response, open(destination_path, "wb") as file:
    File "/home/user/anaconda3/envs/PyTorch-1.11.0/lib/python3.9/urllib/request.py", line 214, in urlopen
      return opener.open(url, data, timeout)
    File "/home/user/anaconda3/envs/PyTorch-1.11.0/lib/python3.9/urllib/request.py", line 517, in open
      response = self._open(req, data)
    File "/home/user/anaconda3/envs/PyTorch-1.11.0/lib/python3.9/urllib/request.py", line 534, in _open
      result = self._call_chain(self.handle_open, protocol, protocol +
    File "/home/user/anaconda3/envs/PyTorch-1.11.0/lib/python3.9/urllib/request.py", line 494, in _call_chain
      result = func(*args)
    File "/home/user/anaconda3/envs/PyTorch-1.11.0/lib/python3.9/urllib/request.py", line 1389, in https_open
      return self.do_open(http.client.HTTPSConnection, req,
    File "/home/user/anaconda3/envs/PyTorch-1.11.0/lib/python3.9/urllib/request.py", line 1349, in do_open
      raise URLError(err)
  urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate in certificate chain (_ssl.c:1129)>
  error: command '/home/user/anaconda3/envs/PyTorch-1.11.0/bin/python3.9' failed with exit code 1
  ----------------------------------------
  ERROR: Failed building wheel for tensorstore
Failed to build tensorstore
ERROR: Could not build wheels for tensorstore which use PEP 517 and cannot be installed directly

I already know this error message from software such as Huggingface, and I have managed to work around it in many cases.

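I have put the required corporate certificate into /etc/pki/ca-trust/source/anchors and subsequently ran update-ca-trust (note: I am using a CentOS-derived distribution). By verifying the timestamp and the contents of /etc/pki/tls/cert.pem, I made sure the update succeeded. curl https://www.google.com works. But pip install still fails.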

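So I ran pip install certifi and then retried. It still failed. certifi actually installs the certificates for requests, which naturally do not include our company's self-signed certificate. Therefore, I replaced certifi's PEM file with the above-mentioned /etc/pki/tls/cert.pem: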

mv "$(python -m certifi)"{,.bak}
ln -s "/etc/pki/tls/cert.pem" "$(python -m certifi)"

But this did not change anything. pip install tensorstore still fails with the above error.

Setting REQUESTS_CA_BUNDLE does not work here, because requests is not involved.
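At this point I am at a loss. Every solution I find online revolves only around the ones I have already mentioned. Even the quick-and-dirty verify=False equivalents, PYTHONHTTPSVERIFY or an unverified SSL context, cannot be applied to my current situation, because the script being run is temporary and is downloaded each time I attempt the install.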

So, how can I solve this?

python ssl pip self-signed
1 Answer
0 votes

Setting SSL_CERT_FILE successfully directs Python's urllib to the correct PEM file:

$ export SSL_CERT_FILE=/etc/pki/tls/cert.pem
$ pip install --trusted-host=example.com --index-url=http://example.com/pypi/simple tensorstore

But now another, probably unrelated, problem occurs. An SSL certificate problem in Java...
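
Added example, not part of the original question or answer: a Python comparison of which CA file urllib and requests resolve for a given environment, showing why REQUESTS_CA_BUNDLE had no effect on the urllib download while SSL_CERT_FILE did. The function names and the temporary .pem file standing in for /etc/pki/tls/cert.pem are assumptions made for the illustration.

```python
import os
import ssl
import subprocess
import sys
import tempfile

# One-liner a child interpreter runs: the CA file its default SSL context would use.
CHILD_PROBE = "import ssl; print(ssl.get_default_verify_paths().cafile)"


def urllib_ca_file(environ):
    """CA file urllib's default HTTPS context loads for a given environment.

    urlopen() -> ssl.create_default_context() -> OpenSSL default verify paths,
    where SSL_CERT_FILE shadows the compiled-in location.
    """
    paths = ssl.get_default_verify_paths()
    return environ.get(paths.openssl_cafile_env, paths.openssl_cafile)


def requests_ca_file(environ):
    """CA file the requests library would use: its own variables, then certifi."""
    for var in ("REQUESTS_CA_BUNDLE", "CURL_CA_BUNDLE"):
        if environ.get(var):
            return environ[var]
    try:
        import certifi
        return certifi.where()
    except ImportError:
        return None


def child_sees(environ):
    """Ask a child Python (assumed to inherit the environment, as pip's build
    step does) which CA file it resolves."""
    out = subprocess.run([sys.executable, "-c", CHILD_PROBE], env=environ,
                         capture_output=True, text=True, check=True)
    return out.stdout.strip()


if __name__ == "__main__":
    # Constructed stand-in for the corporate bundle (/etc/pki/tls/cert.pem on the page).
    with tempfile.NamedTemporaryFile(suffix=".pem") as bundle:
        env = dict(os.environ, REQUESTS_CA_BUNDLE=bundle.name)
        env.pop("SSL_CERT_FILE", None)
        print("REQUESTS_CA_BUNDLE only ->", urllib_ca_file(env), requests_ca_file(env))
        env["SSL_CERT_FILE"] = bundle.name
        print("SSL_CERT_FILE set       ->", urllib_ca_file(env), child_sees(env))
```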
