如何让pipenv install <package>使用防火墙的SSL证书?
Mad*_*dam 9 python pip virtualenv
坐在具有 SSL 解密的非常严格的防火墙后面,我通常使用这些选项安装 python 包(在 macOS 10.15 上)pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org <packagename>。但pipenv install --trusted-host pypi.org --trusted-host files.pythonhosted.org <packagename>不起作用:
Pipenv.vendor.requirementslib.exceptions.RequirementError:无法解析来自“--trusted-host”的要求
\n由于忽略 SSL 不起作用,我尝试将防火墙的证书放入文件夹中并设置 REQUESTS_CA_BUNDLE=/path/to/company/certificates.pem 但没有成功(也许我做错了)。用户@Shanti在这个问题中发表了有希望的评论,但我不知道他是如何完成将证书提供给pipenv 的。
\n因此,归根结底,我正在寻找一种使 pipelinev 使用我的防火墙证书的方法。
\n编辑:这是运行 pipelinenv install 时的输出:
\nCreating a virtualenv for this project\xe2\x80\xa6\nPipfile: /Users/admin/Code/test/Pipfile\nUsing /Users/admin/.pyenv/versions/3.8.6/bin/python3.8 (3.8.6) to create virtualenv\xe2\x80\xa6\n\xe2\xa0\xa7 Creating virtual environment...created virtual environment CPython3.8.6.final.0-64 in 404ms\n creator CPython3Posix(dest=/Users/admin/.local/share/virtualenvs/test-NSydZlln, clear=False, global=False)\n seeder FromAppData(download=False, pip=bundle, setuptools=bundle, wheel=bundle, via=copy, app_data_dir=/Users/admin/Library/Application Support/virtualenv)\n added seed packages: pip==20.2.4, setuptools==50.3.2, wheel==0.35.1\n activators BashActivator,CShellActivator,FishActivator,PowerShellActivator,PythonActivator,XonshActivator\n\n\xe2\x9c\x94 Successfully created virtual environment! \nVirtualenv location: /Users/admin/.local/share/virtualenvs/test-NSydZlln\nPipfile.lock not found, creating\xe2\x80\xa6\nLocking [dev-packages] dependencies\xe2\x80\xa6\nLocking [packages] dependencies\xe2\x80\xa6\nBuilding requirements...\nResolving dependencies...\n\xe2\x9c\x98 Locking Failed! \nTraceback (most recent call last):\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/contrib/pyopenssl.py", line 488, in wrap_socket\n cnx.do_handshake()\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1934, in do_handshake\n self._raise_ssl_error(self._ssl, result)\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/OpenSSL/SSL.py", line 1671, in _raise_ssl_error\n _raise_current_error()\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue\n raise exception_type(errors)\nOpenSSL.SSL.Error: [(\'SSL routines\', \'tls_process_server_certificate\', \'certificate verify failed\')]\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/connectionpool.py", line 670, in urlopen\n httplib_response = self._make_request(\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/connectionpool.py", line 381, in _make_request\n self._validate_conn(conn)\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/connectionpool.py", line 976, in _validate_conn\n conn.connect()\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/connection.py", line 361, in connect\n self.sock = ssl_wrap_socket(\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/util/ssl_.py", line 377, in ssl_wrap_socket\n return context.wrap_socket(sock, server_hostname=server_hostname)\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/contrib/pyopenssl.py", line 494, in wrap_socket\n raise ssl.SSLError("bad handshake: %r" % e)\nssl.SSLError: ("bad handshake: Error([(\'SSL routines\', \'tls_process_server_certificate\', \'certificate verify failed\')])",)\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/requests/adapters.py", line 439, in send\n resp = conn.urlopen(\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/connectionpool.py", line 724, in urlopen\n retries = retries.increment(\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/urllib3/util/retry.py", line 439, in increment\n raise MaxRetryError(_pool, url, error or ResponseError(cause))\nurllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host=\'pypi.org\', port=443): Max retries exceeded with url: /pypi/wheel/json (Caused by SSLError(SSLError("bad handshake: Error([(\'SSL routines\', \'tls_process_server_certificate\', \'certificate verify failed\')])")))\n\nDuring handling of the above exception, another exception occurred:\n\nTraceback (most recent call last):\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/resolver.py", line 807, in <module>\n main()\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/resolver.py", line 802, in main\n _main(parsed.pre, parsed.clear, parsed.verbose, parsed.system, parsed.write,\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/resolver.py", line 785, in _main\n resolve_packages(pre, clear, verbose, system, write, requirements_dir, packages)\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/resolver.py", line 746, in resolve_packages\n results, resolver = resolve(\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/resolver.py", line 728, in resolve\n return resolve_deps(\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/utils.py", line 1378, in resolve_deps\n results, hashes, markers_lookup, resolver, skipped = actually_resolve_deps(\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/utils.py", line 1096, in actually_resolve_deps\n results = resolver.clean_results()\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/utils.py", line 1002, in clean_results\n collected_hashes = self.collect_hashes(ireq)\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/utils.py", line 885, in collect_hashes\n r = session.get(pkg_url, timeout=10)\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/requests/sessions.py", line 543, in get\n return self.request(\'GET\', url, **kwargs)\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/requests/sessions.py", line 530, in request\n resp = self.send(prep, **send_kwargs)\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/requests/sessions.py", line 643, in send\n r = adapter.send(request, **kwargs)\n File "/Users/admin/.pyenv/versions/3.8.6/lib/python3.8/site-packages/pipenv/vendor/requests/adapters.py", line 514, in send\n raise SSLError(e, request=request)\nrequests.exceptions.SSLError: HTTPSConnectionPool(host=\'pypi.org\', port=443): Max retries exceeded with url: /pypi/wheel/json (Caused by SSLError(SSLError("bad handshake: Error([(\'SSL routines\', \'tls_process_server_certificate\', \'certificate verify failed\')])")))\nSte*_*cht 15
正如评论中已经指出的,设置环境变量可以解决问题。它应该看起来像这样:
export REQUESTS_CA_BUNDLE=/path/to/certificates.pem
完整的链条
在certificate.pem 中,您必须拥有包含根证书的完整链。因此,certificates.pem 应该如下所示:
-----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
...
您可以将文件拆分为带有后缀 .pem 的单个文件,包括开始和结束标记,如下所示:
-----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
现在,您可以在 Finder 中选择各个 .pem 文件,输入 <alt> + <tab>,以便可以查看每个证书的内容。该链必须完整,例如,当您查看“通用名称”下的“颁发者”部分时,您应该找到每个证书相应的签名证书。
如果缺少一个或多个,请使用“钥匙串访问”应用程序 (/Applications/Utilities/) 搜索缺少“通用名称”的证书,以 .PEM 格式导出证书,然后将生成的文件附加到您的证书末尾。证书.pem 文件。
测试
本地测试如下:
- 设置 HTTPS 代理(在本例中为 Charles)
- 将 Charles 证书保存在 .pem 文件中
- 尝试调用
pipenv install requests(或任何其他包),它失败并显示SSLCertVerificationError - 设置
REQUESTS_CA_BUNDLE环境变量 - 再次致电
pipenv install requests-> 有效
截屏
