disable ssl-certificate verification when installing with pip - python

I use Python for work and often need to install packages using pip, but because the IT department at work is using an HTTPS man-in-the-middle, every time I try to install packages while on the internal company network it fails with an SSL certificate verification error.
Until recently I had a colleague (he left) who had found a command to disable the verification, which enabled installing with pip through the company network. It was something like SSL_...-VERIFY.. = FALSE ??? something like that, very straightforward, but I don't remember it exactly and I can't seem to find it anywhere on the internet.
I find lots of solutions to the same problem but none of them work for me; here I'm thinking of solutions like '--trusted-host..' etc.
Please does anyone know the command I'm looking for?

I was able to get pip working by using both the --trusted-host flag and also the --cert flag to point it to the root certificate for the network. The certificate would be installed on any workstation subject to SSL MITM so you can export the certificate yourself or ask your IT department for it.
Example command that worked for me:
pip3 install ipython --trusted-host pypi.python.org --cert /path/to/cert/root_cert.cer
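An added example, not part of the original answer: a small Python check that reads a pip command line such as the one above and reports which hosts have certificate validation bypassed through --trusted-host, whether --cert is supplied alongside it, and whether a --proxy URL carries a password. The function names and the second sample command (with its proxy host) are constructed for illustration.

```python
import shlex
from urllib.parse import urlsplit

# pip options that take a value; "--opt value" and "--opt=value" are both handled.
VALUE_OPTS = {"--trusted-host", "--cert", "--proxy"}

# First command is the one from the answer; the second is constructed.
ANSWER_CMD = ("pip3 install ipython --trusted-host pypi.python.org "
              "--cert /path/to/cert/root_cert.cer")
CONSTRUCTED_CMD = ("pip install --trusted-host pypi.org "
                   "--trusted-host=files.pythonhosted.org h5py "
                   "--proxy http://user:password@proxy.example.internal:8080")


def parse_pip_options(command):
    """Collect the values given for each option in VALUE_OPTS."""
    found = {}
    tokens = shlex.split(command)
    i = 0
    while i < len(tokens):
        name, sep, value = tokens[i].partition("=")
        if name in VALUE_OPTS:
            if not sep and i + 1 < len(tokens):
                i += 1
                value = tokens[i]  # value is the next token
            found.setdefault(name, []).append(value)
        i += 1
    return found


def audit_pip_command(command):
    """Return findings about TLS verification and secrets in a pip command."""
    opts = parse_pip_options(command)
    findings = []
    for host in opts.get("--trusted-host", []):
        findings.append(f"tls-bypass: certificate errors are ignored for {host}")
    if opts.get("--trusted-host") and opts.get("--cert"):
        findings.append("check: --cert is set; test whether --trusted-host is still needed")
    for proxy in opts.get("--proxy", []):
        if urlsplit(proxy).password:
            findings.append("secret: proxy password is visible on the command line")
    return findings


if __name__ == "__main__":
    for cmd in (ANSWER_CMD, CONSTRUCTED_CMD):
        print(cmd, *audit_pip_command(cmd), sep="\n  ")
```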

Related

pip install failing due to repeatedly changing sha256 (ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE)

I am currently trying to install many different libraries into my Python environment. I've currently tried using a virtual environment and conda environment still resulting in similar errors.
As I'm doing this on a VM, I have to go through my corporate proxy, hence my pip install command looks a little verbose like the following:
pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org h5py --proxy http://user:password@proxy.internet.mycompany.local:8080
This had been working fine to download many different packages (including ones that are currently failing now), I'm not too sure what has changed, but now the command results in the following error:
Collecting h5py
Downloading h5py-3.1.0-cp37-cp37m-win_amd64.whl
\ 4.8 kB ...
ERROR: THESE PACKAGES DO NOT MATCH THE HASHES FROM THE REQUIREMENTS FILE. If you have updated the package versions, please update the hashes. Otherwise, examine the package contents carefully; someone may have tampered with them.
h5py from https://files.pythonhosted.org/packages/53/c2/77bd81922264520b492bd7bfd1a51a845bc1187445408a7a83db284fd566/h5py-3.1.0-cp37-cp37m-win_amd64.whl#sha256=02c391fdb980762a1cc03a4bcaecd03dc463994a9a63a02264830114a96e111f:
Expected sha256 02c391fdb980762a1cc03a4bcaecd03dc463994a9a63a02264830114a96e111f
Got 3fbaf847f810d5f6970abb0c7754abcca7dea17d315036fe5e4b26f427adf3a6
Although this error will still stay largely the same, the "Got" sha256 will change on each attempt, i.e. the following for the last returned line:
Got ff8197d74c233317597b89612691bf420806046093628ac02f0a92df3ac8123a
Got 8be06806b22d49aaa9b94113d8b3e075539303da96386971600c21cb8b9f8460
To rectify this error I've attempted the following:
using '--no-cache-dir' as suggested in other Stack Overflow answers to similar questions
reinstalling python/pip or trying other versions of Python.
trying to use miniconda/anaconda instead
contacting owner of libraries about the issue (although I'm fairly sure it isn't library specific as I can't download any packages)
attempted to access the link in the error output: https://files.pythonhosted.org/packages/53/c2/77bd81922264520b492bd7bfd1a51a845bc1187445408a7a83db28%204fd566/h5py-3.1.0-cp37-cp37m-win_amd64.whl#sha256=02c391fdb980762a1cc03a4bcaecd03dc463994a9a63a02264830114a96e111f. This results in the following page response - the console section of developer tools states the following error: Failed to load resource: the server responded with a status of 404 (Not Found)
I've found a few similar issues to this already on Stack Overflow, but I've found nothing that resolves this.
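An added example, not part of the original question: Python that checks downloaded bytes against the digest pinned in a '#sha256=' URL fragment and classifies the Expected/Got lines from repeated attempts. A stable wrong digest means one consistently different file, while a digest that changes on every attempt means the bytes received differ each time. The function names and labels are constructed; the digests are the ones quoted in the question.

```python
import hashlib
import re
from urllib.parse import urlsplit

# Digests quoted in the question above, one "Got" value per attempt.
EXPECTED = "02c391fdb980762a1cc03a4bcaecd03dc463994a9a63a02264830114a96e111f"
GOT = [
    "3fbaf847f810d5f6970abb0c7754abcca7dea17d315036fe5e4b26f427adf3a6",
    "ff8197d74c233317597b89612691bf420806046093628ac02f0a92df3ac8123a",
    "8be06806b22d49aaa9b94113d8b3e075539303da96386971600c21cb8b9f8460",
]
SAMPLE_LOG = "\n".join(f"Expected sha256 {EXPECTED}\nGot {g}" for g in GOT)


def pinned_sha256(url):
    """Return the digest pinned in a '#sha256=<hex>' URL fragment, or None."""
    m = re.fullmatch(r"sha256=([0-9a-f]{64})", urlsplit(url).fragment)
    return m.group(1) if m else None


def verify_download(url, data):
    """True only if data hashes to the digest pinned in the URL."""
    expected = pinned_sha256(url)
    return expected is not None and hashlib.sha256(data).hexdigest() == expected


def classify_attempts(log_text):
    """Classify pip's Expected/Got lines collected over several attempts."""
    expected = set(re.findall(r"Expected sha256 ([0-9a-f]{64})", log_text))
    got = re.findall(r"Got\s+([0-9a-f]{64})", log_text)
    if not got:
        return "no-mismatch"
    if len(expected) > 1:
        return "pin-changed"          # the pinned digest itself moved
    if len(set(got)) == 1:
        return "stable-mismatch"      # the same wrong bytes every time
    return "unstable-mismatch"        # different bytes on every attempt


if __name__ == "__main__":
    print(classify_attempts(SAMPLE_LOG))
```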

SleekXMPP: "Certificate has expired."

I'm currently trying to use the sleekxmpp module in Python3.5 to connect to jabber.at, an XMPP service. Jabber.at's SSL certificates are issued by Let's Encrypt.
The problem I'm having is, when I try to log in to my jabber.at account using sleekxmpp, I get the following error:
INFO Negotiating TLS
INFO Using SSL version: TLSv1
ERROR Certificate has expired.
I've tried to resolve this issue on Ubuntu 16.04, Manjaro GNOME 17, and Windows 10, with a fresh installation of Python, sleekxmpp, and all of sleekxmpp's dependencies, on each of those machines. It didn't make a difference.
On each of my machines, I have the Let's Encrypt Authority X3 certificate installed, yet sleekxmpp still thinks the certificate is expired, even though the certificate is valid until 2022. Frustratingly, I'm able to log in to my XMPP account using Pidgin, and the certificate automatically saved by Pidgin (which you can find under ~/.purple/ in Linux) is exactly the same as the one I downloaded directly from Let's Encrypt.
I've tried manually changing the ssl version in sleekxmpp.xmlstream.xmlstream.py:125 to ssl.PROTOCOL_SSLv23, but that didn't work, either. I've also tried manually specifying the path to the Let's Encrypt .crt file in sleekxmpp.xmlstream.xmlstream.py:140, but I still have the same issue.
I should note that I do have dnspython, pyasn1, and pyasn1_modules installed on each machine. While I can successfully log into my jabber.at account by either uninstalling pyasn1, or explicitly ignoring certificates by setting sleekxmpp.xmlstream.xmlstream.py:140 to None, that isn't a solution in my case - I must encrypt my connection.
Is there anything I can do? I've been at this for days now, and I haven't been able to find any helpful solutions on Google.
I appreciate any help!
After over a month, I was able to find a solution to my own problem.
It turns out that this issue is caused by a regression in SleekXMPP, introduced in version 1.3.3:
GitHub: Regression from 1.3.1
It was only recently addressed, but as of now, there is no official release with the fix. The short-term solution to this problem is to uninstall SleekXMPP, and re-install SleekXMPP, specifying version 1.3.1:
sudo pip3 uninstall sleekxmpp
sudo pip3 install sleekxmpp==1.3.1
Reverting to version 1.3.1 solves this issue for me. Perhaps this will no longer be an issue in SleekXMPP 1.3.4.

"pip install nexmo" fails

I want to integrate nexmo into my Python product, so that I can send SMS. On my localhost (Python 3.6.1), using this, I have installed it easily by
pip install nexmo
However now I want to move everything to the server and the
pip install nexmo
fails:
Edit: I also tried the "easy_install", as indicated in this other post on Stack Overflow: "pip install gives error: Unable to find vcvarsall.bat" - but that also did not work.
Could anyone please help why?
Thanks!
I fixed it using this link sent to me by the Nexmo support team: https://blogs.msdn.microsoft.com/pythonengineering/2016/04/11/unable-to-find-vcvarsall-bat/

AppEngine Paypal integration giving SSLCertificateError on localhost, using Python

I am integrating paypalrestsdk in my AppEngine project. When, using my local dev_appserver, I try to create a payment on the PayPal sandbox, I get the following error:
SSLCertificateError: Invalid and/or missing SSL certificate for URL: https://api.sandbox.paypal.com/v1/oauth2/token
So, I have tried to provide the correct pem file, downloading it from here and setting up the correct ssl_option attribute:
# Setting up the correct path to the .pem file
cert = os.path.join(ROOT, 'certs/api.sandbox.paypal.com_SHA-2_01132018.pem')
logger.info("Using SSL certificate: %s", cert)
return Api(
    mode=get_paypal_environment(),  # sandbox or live
    client_id=flask.current_app.config["PAYPAL_CLIENT_ID"],
    client_secret=flask.current_app.config["PAYPAL_CLIENT_SECRET"],
    ssl_options={"cert": cert}
)
Here is the PayPalRestSDK documentation that gives details on how to provide the certificate. I have double-checked that the path created is correct.
I have found a bug report here that talks about a similar problem.
Also, I have tried the solution suggested here and it still does not work.
On a live instance, on appspot, this all works perfectly.
Here's the relevant part of my requirements.txt:
Flask==0.10.1
itsdangerous==0.24
paramiko==1.15.1
pycrypto==2.6.1
Flask-OAuthlib==0.9.1
google-api-python-client==1.4.0
paypalrestsdk==1.11.1
requests[security]==2.9.1
Is anyone having the same issue?
OK, I believe I've solved this one, at least in my case, which I'll describe below.
This seemed to be due to two issues:
Issue #1) PayPal is migrating to supporting only TLS 1.2, and has started by switching over the sandbox URLs, with the production URLs to come later. This explains why things are broken only when connecting from the sandbox, and why it used to work but doesn't now. More on this here.
Issue #2) My local install of Python didn't support TLS 1.2. Here is an easy way to check:
$ python
>>> import ssl
>>> print ssl._PROTOCOL_NAMES
If you don't see PROTOCOL_TLSv1_2 listed, this is definitely the issue. In my case, I was using the built-in version of Python on Mac OS X 10.11, which had a pretty old version of OpenSSL built in.
So how to fix it? Well, in my case, this worked pretty well (copied mostly from here):
$ brew update
$ brew install openssl
$ brew link openssl --force
$ brew install python --with-brewed-openssl
$ sudo ln -s /usr/local/Cellar/python/2.7.11/bin/python /usr/local/bin/python
Now if you run the test I listed above, you should see the 1.2 protocol listed.
This should make everything work again, good luck!

PIP and SlikSVN under a proxy

I am trying to check out a Subversion repository using PIP. Since I am under a proxy, I am calling PIP using the --proxy parameter:
pip install svn+http://django-compress.googlecode.com/svn/trunk/ --proxy=myproxy:8080
While PIP itself works fine under the proxy, it seems that it's not passing the proxy parameter to the SVN client:
Downloading/unpacking svn+http://django-compress.googlecode.com/svn/trunk/
Checking out http://django-compress.googlecode.com/svn/trunk/ to c:\users\canassa\appdata\local\temp\pip-x_w9ct-build
svn: OPTIONS of 'http://django-compress.googlecode.com/svn/trunk': could not connect to server (http://django-compress.googlecode.com)
Complete output from command "C:\Program Files\SlikSvn\bin\svn.exe" checkout -q http://django-compress.googlecode.com/svn/trunk/ c:\users\canassa\appdata\local\temp\pip-x_w9ct-build:
----------------------------------------
Command "C:\Program Files\SlikSvn\bin\svn.exe" checkout -q http://django-compress.googlecode.com/svn/trunk/ c:\users\canassa\appdata\local\temp\pip-x_w9ct-build failed with error code 1
Storing complete log in C:\Users\canassa\AppData\Roaming\pip\pip.log
To make things worse, I am in a Windows environment and using the SlikSVN client. I also have to switch off the proxy a few times every day since it's a notebook and I have to connect it to the wireless, which doesn't use a proxy.
My question is whether there is a way to handle the SlikSvn proxy under PIP and Windows, preferably making it easy to switch it off when I need to.
It is an open bug[1] and there is no solution to this problem right now.
If you find an answer, please, comment in pip's issue tracker.
[1] - https://github.com/pypa/pip/issues/227
