Recipe OpenSSL Certificate

Martin Zibricky edited this page Sep 5, 2015 · 1 revision

On Mac OS X only Apple's OpenSSL can access the certificates stored in the Keychain. If you use Macports or Homebrew to install python you don't get any certificates by default and have to install either curl-ca-bundle or certsync. Thus when bundling a program that requires using the python ssl library for certificate verification it will always fail unless the certificates are bundled with the program.

This recipe is based on pull request #1411.

Put the following snippet into you .spec file (it collects certificates):

from PyInstaller.utils.hooks.hookutils import exec_statement
cert_datas = exec_statement("""
    import ssl
    print(ssl.get_default_verify_paths().cafile)""").strip().split()
cert_datas = [(f, 'lib'), for f in cert_datas)

Add the certificate files to the Analysis (use argument datas):

a = Analysis(['script.py'],
             pathex=[],
             binaries=None,
             datas=cert_datas,
             ...)

Now add at the top of your main script the following code (it tells Python where to look for certificates).

import sys
import os

if getattr(sys, 'frozen', False):
    os.environ['SSL_CERT_FILE'] = os.path.join(sys._MEIPASS, 'lib', 'cert.pem')