Message 406888 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	mirfanasghar
Recipients	christian.heimes, eric.smith, mirfanasghar, ned.deily, ronaldoussoren
Date	2021-11-23.21:01:40
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<CADRqRP_18zmiKge84RC_2HTry+7PY=EoogZ2D8TMHu=2hTNngg@mail.gmail.com>
In-reply-to	<1637658187.68.0.0278695845153.issue45839@roundup.psfhosted.org>

Content
Hi The issue is finally solved by using the command pip3 install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org pandas Thanks to all who helped. regards Irfan On Tue, Nov 23, 2021 at 10:03 AM Ronald Oussoren <report@bugs.python.org> wrote: > > Ronald Oussoren <ronaldoussoren@mac.com> added the comment: > > Could you check with "curl -k https://pypi.org/ >/dev/null" what > certificate is used by PyPI? > > On my system I get (amongst other output): > > ... > * SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305 > * ALPN, server accepted to use h2 > * Server certificate: > * subject: CN=pypi.org > * start date: Oct 22 18:55:44 2021 GMT > * expire date: Nov 23 18:55:43 2022 GMT > * subjectAltName: host "pypi.org" matched cert's "pypi.org" > * issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Atlas R3 DV TLS CA H2 > 2021 > * SSL certificate verify ok. > ... > > Note how the issuer is GlobalSign. If you see some other certificate > authority, or get an error from curl due to the same certificate > verification problem, you have something on the path between you and PyPI > that intercepts the connection, such as a corporate proxy. > > Pip appears to have a way to override certificate verification, you'll > have to (a) read pip's manual for that and (b) be very sure you know > what's going on before you start trusting some other CA that's not in the > global trust root used by pip and certify. > > ---------- > > _______________________________________ > Python tracker <report@bugs.python.org> > <https://bugs.python.org/issue45839> > _______________________________________ >

Hi

The issue is finally solved by using the command

pip3 install --trusted-host pypi.org --trusted-host pypi.python.org
--trusted-host files.pythonhosted.org pandas

Thanks to all who helped.

regards
Irfan

On Tue, Nov 23, 2021 at 10:03 AM Ronald Oussoren <report@bugs.python.org>
wrote:

>
> Ronald Oussoren <ronaldoussoren@mac.com> added the comment:
>
> Could you check with "curl -k https://pypi.org/ >/dev/null" what
> certificate is used by PyPI?
>
> On my system I get (amongst other output):
>
> ...
> * SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305
> * ALPN, server accepted to use h2
> * Server certificate:
> *  subject: CN=pypi.org
> *  start date: Oct 22 18:55:44 2021 GMT
> *  expire date: Nov 23 18:55:43 2022 GMT
> *  subjectAltName: host "pypi.org" matched cert's "pypi.org"
> *  issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Atlas R3 DV TLS CA H2
> 2021
> *  SSL certificate verify ok.
> ...
>
> Note how the issuer is GlobalSign. If you see some other certificate
> authority, or get an error from curl due to the same certificate
> verification problem, you have something on the path between you and PyPI
> that intercepts the connection, such as a corporate proxy.
>
> Pip appears to have a way to override certificate verification, you'll
> have to (a) read pip's manual for that and (b) be *very* sure you know
> what's going on before you start trusting some other CA that's not in the
> global trust root used by pip and certify.
>
> ----------
>
> _______________________________________
> Python tracker <report@bugs.python.org>
> <https://bugs.python.org/issue45839>
> _______________________________________
>

History
Date	User	Action	Args
2021-11-23 21:01:40	mirfanasghar	set	recipients: + mirfanasghar, ronaldoussoren, eric.smith, christian.heimes, ned.deily
2021-11-23 21:01:40	mirfanasghar	link	issue45839 messages
2021-11-23 21:01:40	mirfanasghar	create