All geek questions in one place

Does buildout / easy_install / setup_tools support SSL certificates?

I am trying to diagnose this error:

Getting distribution for 'zc.buildout<2dev'. Got zc.buildout 1.7.1. Generated script '/opt/mytardis/releases/a549cd05272afe8f16c2fe5efe8158490acbde82/bin/buildout'. Download error on http://pypi.python.org/simple/buildout-versions/: [Errno 104] Connection reset by peer -- Some packages may not be found! Couldn't find index page for 'buildout-versions' (maybe misspelled?) Download error on http://pypi.python.org/simple/: [Errno 104] Connection reset by peer -- Some packages may not be found! Getting distribution for 'buildout-versions'. STDERR: /usr/lib64/python2.6/distutils/dist.py:266: UserWarning: Unknown distribution option: 'src_root' warnings.warn(msg) While: Installing. Loading extensions. Getting distribution for 'buildout-versions'. Error: Couldn't find a distribution for 'buildout-versions'.

This happens deep inside the Chef + build setup stack. One thing I discovered is that if I try to directly access the buildout package:

 $ wget https://pypi.python.org/packages/source/b/buildout-versions/buildout-versions-1.7.tar.gz#md5=731ecc0c9029f45826fa9f31d44e311d --2013-07-09 12:50:18-- https://pypi.python.org/packages/source/b/buildout-versions/buildout-versions-1.7.tar.gz Resolving proxy.redacted.com... 123.45.67.8 Connecting to proxy.redacted.com|123.45.67.8|:8080... connected. ERROR: certificate common name "*.a.ssl.fastly.net" doesn't match requested host name "pypi.python.org". To connect to pypi.python.org insecurely, use '--no-check-certificate'.

I can access the file from my desktop. Therefore, I suspect a proxy (provided by the university, and this server should use it to access the Internet). It is set using https_proxy=...

Is this a likely cause of build failure? Anyway?

+4
source share
4 answers

Your version of wget is too old.

wget started supporting SNI ( Server Name Indication ) only from version 1.14 and that for the TLS extension you need to provide the correct certificate on pypi.python.org.

+11
source

Yes, zc.buildout and easy_install use urllib2 to retrieve HTTPS resources that does not validate SSL certificates :

Warning : HTTPS requests do not validate server certificates.

Your wget tool validates certificates, but your local certificate certificates are not incomplete. see SSL certificate rejected an attempt to access GitHub via HTTPS behind the firewall for instructions on how to update them.

As for the original error, then apparently your firewall proxy is resetting peers.

According to PEP 476 , Python 2.7.9 corrects this situation. Starting with this version, urllib2 will check SSL certificates by default.

+4
source

Since Python 2.7.9 (released) /3.4.3 (released soon), certificates are checked by default:

Verifying an HTTPS certificate using a system certificate store is now enabled by default. See PEP 476 for details.

https://www.python.org/downloads/release/python-279/

+1
source

you can try:

 wget http://pypi.python.org/packages/2.7/s/setuptools/setuptools-0.6c11-py2.7.egg#md5=fe1f997bc722265116870bc7919059ea --no-check-certificate
0
source

Source: https://habr.com/ru/post/1490410/

More articles:


All Articles