Recipe OpenSSL Certificate

Lomanic edited this page Dec 21, 2017 · 3 revisions

On Mac OS X only Apple's OpenSSL can access the certificates stored in the Keychain. If you use Macports or Homebrew to install python you don't get any certificates by default and have to install either curl-ca-bundle or certsync. Thus when bundling a program that requires using the python ssl library for certificate verification it will always fail unless the certificates are bundled with the program.

This recipe is based on pull request #1411.

Put the following snippet into you .spec file (it collects certificates):

from PyInstaller.utils.hooks import exec_statement
cert_datas = exec_statement("""
    import ssl
cert_datas = [(f, 'lib') for f in cert_datas]

Add the certificate files to the Analysis (use argument datas):

a = Analysis([''],

Now add at the top of your main script the following code (it tells Python where to look for certificates).

import sys
import os

if getattr(sys, 'frozen', False):
    os.environ['SSL_CERT_FILE'] = os.path.join(sys._MEIPASS, 'lib', 'cert.pem')
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.
Press h to open a hovercard with more details.