Issue45839
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2021-11-18 21:52 by mirfanasghar, last changed 2022-04-11 14:59 by admin. This issue is now closed.
Messages (10) | |||
---|---|---|---|
msg406566 - (view) | Author: Muhammad Irfan Asghar (mirfanasghar) | Date: 2021-11-18 21:52 | |
pip3.10 install pandas WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)'))': /simple/pandas/ WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)'))': /simple/pandas/ WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)'))': /simple/pandas/ WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)'))': /simple/pandas/ WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)'))': /simple/pandas/ Could not fetch URL https://pypi.org/simple/pandas/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pandas/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)'))) - skipping ERROR: Could not find a version that satisfies the requirement pandas (from versions: none) ERROR: No matching distribution found for pandas Could not fetch URL https://pypi.org/simple/pip/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/pip/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)'))) - skipping |
|||
msg406568 - (view) | Author: Eric V. Smith (eric.smith) * | Date: 2021-11-18 23:59 | |
Please provide information about the system you’re running on. Also, tell us how Python was installed. I assume the title should be “… is unable to install …”. |
|||
msg406587 - (view) | Author: Muhammad Irfan Asghar (mirfanasghar) | Date: 2021-11-19 14:20 | |
Hi Eric Thanks for your reply. I am using MacOS Big Sur version 11.5.1. And I installed from python.org by downloading version for macOS and double click and installed it. Also installed PyCharm On Fri, Nov 19, 2021 at 12:59 AM Eric V. Smith <report@bugs.python.org> wrote: > > Eric V. Smith <eric@trueblade.com> added the comment: > > Please provide information about the system you’re running on. Also, tell > us how Python was installed. > > I assume the title should be “… is unable to install …”. > > ---------- > nosy: +eric.smith > > _______________________________________ > Python tracker <report@bugs.python.org> > <https://bugs.python.org/issue45839> > _______________________________________ > |
|||
msg406588 - (view) | Author: Christian Heimes (christian.heimes) * | Date: 2021-11-19 14:31 | |
The bug report is a duplicate of bpo-43404. Python cannot use the system trust store on macOS. You need to follow the instructions at the end of the installation process to install root CA certificates. tl;dr run the " Install Certificates.command" from the installation folder. |
|||
msg406656 - (view) | Author: Muhammad Irfan Asghar (mirfanasghar) | Date: 2021-11-20 14:20 | |
Dear Christian I ran the "Install Certificate.command" from installation forum, but it gave the following error message =============================================================================== muhammadirfanasghar@Muhammads-MacBook-Pro ~ % /Applications/Python\ 3.10/Install\ Certificates.command ; exit; -- pip install --upgrade certifi WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)'))': /simple/certifi/ WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)'))': /simple/certifi/ WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)'))': /simple/certifi/ WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)'))': /simple/certifi/ WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)'))': /simple/certifi/ Could not fetch URL https://pypi.org/simple/certifi/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/certifi/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)'))) - skipping ERROR: Could not find a version that satisfies the requirement certifi (from versions: none) ERROR: No matching distribution found for certifi WARNING: You are using pip version 21.2.3; however, version 21.3.1 is available. You should consider upgrading via the '/Library/Frameworks/Python.framework/Versions/3.10/bin/python3.10 -m pip install --upgrade pip' command. Traceback (most recent call last): File "<stdin>", line 44, in <module> File "<stdin>", line 24, in main File "/Library/Frameworks/Python.framework/Versions/3.10/lib/python3.10/subprocess.py", line 369, in check_call raise CalledProcessError(retcode, cmd) subprocess.CalledProcessError: Command '['/Library/Frameworks/Python.framework/Versions/3.10/bin/python3.10', '-E', '-s', '-m', 'pip', 'install', '--upgrade', 'certifi']' returned non-zero exit status 1. Saving session... ...copying shared history... ...saving history...truncating history files... ...completed. ====================================================================================================== On Fri, Nov 19, 2021 at 3:31 PM Christian Heimes <report@bugs.python.org> wrote: > > Christian Heimes <lists@cheimes.de> added the comment: > > The bug report is a duplicate of bpo-43404. Python cannot use the system > trust store on macOS. You need to follow the instructions at the end of the > installation process to install root CA certificates. tl;dr run the " > Install Certificates.command" from the installation folder. > > ---------- > components: +Installation, macOS -Extension Modules > nosy: +christian.heimes, ned.deily, ronaldoussoren > resolution: -> not a bug > stage: -> resolved > status: open -> closed > superseder: -> No SSL certificates when using the Mac installer > type: security -> behavior > > _______________________________________ > Python tracker <report@bugs.python.org> > <https://bugs.python.org/issue45839> > _______________________________________ > |
|||
msg406698 - (view) | Author: Ned Deily (ned.deily) * | Date: 2021-11-21 00:45 | |
That is very unusual behavior. Pip has its own private certificate store that it uses to make secure connections to pypi.org and the version of pip supplied with the python.org 3.10.0 macOS installer should work just fine as is. I just verified that it works for me. I'm just guessing here but I think the most likely cause of this behavior is that your internet connection is behind a misconfigured or malevolent proxy server. You may want to check your DNS settings as well to try to use a neutral DNS provider. There are discussions of similar problems on the web: try searching for: pypi self signed certificate in certificate chain. Good luck! |
|||
msg406704 - (view) | Author: Muhammad Irfan Asghar (mirfanasghar) | Date: 2021-11-21 10:02 | |
Hi I am really astonished and I have tried all tricks, help available on internet. Is there any manual way to do this. i.e open any file and enter information separately so that ssL certificate issue can be solved. or can you tell me, how you configured your mac. Irfan On Sun, Nov 21, 2021 at 1:45 AM Ned Deily <report@bugs.python.org> wrote: > > Ned Deily <nad@python.org> added the comment: > > That is very unusual behavior. Pip has its own private certificate store > that it uses to make secure connections to pypi.org and the version of > pip supplied with the python.org 3.10.0 macOS installer should work just > fine as is. I just verified that it works for me. I'm just guessing here > but I think the most likely cause of this behavior is that your internet > connection is behind a misconfigured or malevolent proxy server. You may > want to check your DNS settings as well to try to use a neutral DNS > provider. There are discussions of similar problems on the web: try > searching for: pypi self signed certificate in certificate chain. Good luck! > > ---------- > > _______________________________________ > Python tracker <report@bugs.python.org> > <https://bugs.python.org/issue45839> > _______________________________________ > |
|||
msg406827 - (view) | Author: Ronald Oussoren (ronaldoussoren) * | Date: 2021-11-23 09:03 | |
Could you check with "curl -k https://pypi.org/ >/dev/null" what certificate is used by PyPI? On my system I get (amongst other output): ... * SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305 * ALPN, server accepted to use h2 * Server certificate: * subject: CN=pypi.org * start date: Oct 22 18:55:44 2021 GMT * expire date: Nov 23 18:55:43 2022 GMT * subjectAltName: host "pypi.org" matched cert's "pypi.org" * issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Atlas R3 DV TLS CA H2 2021 * SSL certificate verify ok. ... Note how the issuer is GlobalSign. If you see some other certificate authority, or get an error from curl due to the same certificate verification problem, you have something on the path between you and PyPI that intercepts the connection, such as a corporate proxy. Pip appears to have a way to override certificate verification, you'll have to (a) read pip's manual for that and (b) be *very* sure you know what's going on before you start trusting some other CA that's not in the global trust root used by pip and certify. |
|||
msg406888 - (view) | Author: Muhammad Irfan Asghar (mirfanasghar) | Date: 2021-11-23 21:01 | |
Hi The issue is finally solved by using the command pip3 install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org pandas Thanks to all who helped. regards Irfan On Tue, Nov 23, 2021 at 10:03 AM Ronald Oussoren <report@bugs.python.org> wrote: > > Ronald Oussoren <ronaldoussoren@mac.com> added the comment: > > Could you check with "curl -k https://pypi.org/ >/dev/null" what > certificate is used by PyPI? > > On my system I get (amongst other output): > > ... > * SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305 > * ALPN, server accepted to use h2 > * Server certificate: > * subject: CN=pypi.org > * start date: Oct 22 18:55:44 2021 GMT > * expire date: Nov 23 18:55:43 2022 GMT > * subjectAltName: host "pypi.org" matched cert's "pypi.org" > * issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Atlas R3 DV TLS CA H2 > 2021 > * SSL certificate verify ok. > ... > > Note how the issuer is GlobalSign. If you see some other certificate > authority, or get an error from curl due to the same certificate > verification problem, you have something on the path between you and PyPI > that intercepts the connection, such as a corporate proxy. > > Pip appears to have a way to override certificate verification, you'll > have to (a) read pip's manual for that and (b) be *very* sure you know > what's going on before you start trusting some other CA that's not in the > global trust root used by pip and certify. > > ---------- > > _______________________________________ > Python tracker <report@bugs.python.org> > <https://bugs.python.org/issue45839> > _______________________________________ > |
|||
msg406895 - (view) | Author: Muhammad Irfan Asghar (mirfanasghar) | Date: 2021-11-23 22:41 | |
Great, thanks! On Tue, Nov 23, 2021 at 10:01 PM Muhammad Irfan Asghar < report@bugs.python.org> wrote: > > Muhammad Irfan Asghar <mirfanasghar@gmail.com> added the comment: > > Hi > > The issue is finally solved by using the command > > pip3 install --trusted-host pypi.org --trusted-host pypi.python.org > --trusted-host files.pythonhosted.org pandas > > Thanks to all who helped. > > regards > Irfan > > On Tue, Nov 23, 2021 at 10:03 AM Ronald Oussoren <report@bugs.python.org> > wrote: > > > > > Ronald Oussoren <ronaldoussoren@mac.com> added the comment: > > > > Could you check with "curl -k https://pypi.org/ >/dev/null" what > > certificate is used by PyPI? > > > > On my system I get (amongst other output): > > > > ... > > * SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305 > > * ALPN, server accepted to use h2 > > * Server certificate: > > * subject: CN=pypi.org > > * start date: Oct 22 18:55:44 2021 GMT > > * expire date: Nov 23 18:55:43 2022 GMT > > * subjectAltName: host "pypi.org" matched cert's "pypi.org" > > * issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Atlas R3 DV TLS CA H2 > > 2021 > > * SSL certificate verify ok. > > ... > > > > Note how the issuer is GlobalSign. If you see some other certificate > > authority, or get an error from curl due to the same certificate > > verification problem, you have something on the path between you and PyPI > > that intercepts the connection, such as a corporate proxy. > > > > Pip appears to have a way to override certificate verification, you'll > > have to (a) read pip's manual for that and (b) be *very* sure you know > > what's going on before you start trusting some other CA that's not in the > > global trust root used by pip and certify. > > > > ---------- > > > > _______________________________________ > > Python tracker <report@bugs.python.org> > > <https://bugs.python.org/issue45839> > > _______________________________________ > > > > ---------- > > _______________________________________ > Python tracker <report@bugs.python.org> > <https://bugs.python.org/issue45839> > _______________________________________ > |
History | |||
---|---|---|---|
Date | User | Action | Args |
2022-04-11 14:59:52 | admin | set | github: 89997 |
2021-11-23 22:41:13 | mirfanasghar | set | messages: + msg406895 |
2021-11-23 21:01:40 | mirfanasghar | set | messages: + msg406888 |
2021-11-23 09:03:07 | ronaldoussoren | set | messages: + msg406827 |
2021-11-21 10:02:53 | mirfanasghar | set | messages: + msg406704 |
2021-11-21 00:45:24 | ned.deily | set | messages: + msg406698 |
2021-11-20 14:20:14 | mirfanasghar | set | messages: + msg406656 |
2021-11-19 14:31:08 | christian.heimes | set | status: open -> closed superseder: No SSL certificates when using the Mac installer nosy: + christian.heimes, ronaldoussoren, ned.deily components: + Installation, macOS, - Extension Modules messages: + msg406588 type: security -> behavior resolution: not a bug stage: resolved |
2021-11-19 14:20:18 | mirfanasghar | set | messages: + msg406587 |
2021-11-18 23:59:05 | eric.smith | set | nosy:
+ eric.smith messages: + msg406568 |
2021-11-18 21:52:09 | mirfanasghar | create |