New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SSL digest errors (on OSX and windows) #829

Closed
tba-apps opened this Issue Mar 8, 2013 · 60 comments

Comments

Projects
None yet
@tba-apps

tba-apps commented Mar 8, 2013

OSX and Windows users on pythons linked to an older openssl version (e.g. "OpenSSL 0.9.7l 28 Sep 2006" on OSX and "OpenSSL 0.9.8k 25 Mar 2009" on windows) get an error like the following when pip installs from pypi.

ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

to determine your openssl version, run python -c "import ssl; print ssl.OPENSSL_VERSION"

there are currently no plans to offer a fix for this other than to recommend people to use a python that is linked to a more recent version of openssl.

@jezdez

This comment has been minimized.

Show comment
Hide comment
@jezdez

jezdez Mar 8, 2013

Contributor

Can you paste the full log /Users/tba/.pip/pip.log please?

Contributor

jezdez commented Mar 8, 2013

Can you paste the full log /Users/tba/.pip/pip.log please?

@flyingfrog81

This comment has been minimized.

Show comment
Hide comment
@flyingfrog81

flyingfrog81 Mar 8, 2013

Same error here on OSX 10.6.8 . Seems to be SSL related.

flyingfrog81 commented Mar 8, 2013

Same error here on OSX 10.6.8 . Seems to be SSL related.

@flyingfrog81

This comment has been minimized.

Show comment
Hide comment
@flyingfrog81

flyingfrog81 Mar 8, 2013

here's the full log:

------------------------------------------------------------
/Library/Frameworks/Python.framework/Versions/Current/bin/pip run on Fri Mar  8 12:44:05 2013
Downloading/unpacking cato

  Getting page https://pypi.python.org/simple/cato/
  Could not fetch URL https://pypi.python.org/simple/cato/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

  Will skip URL https://pypi.python.org/simple/cato/ when looking for download links for cato

  Getting page https://pypi.python.org/simple/
  Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

  Will skip URL https://pypi.python.org/simple/ when looking for download links for cato

  Cannot fetch index base URL https://pypi.python.org/simple/

  URLs to search for versions for cato:
  * https://pypi.python.org/simple/cato/
  Getting page https://pypi.python.org/simple/cato/
  Could not fetch URL https://pypi.python.org/simple/cato/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

  Will skip URL https://pypi.python.org/simple/cato/ when looking for download links for cato

  Could not find any downloads that satisfy the requirement cato

No distributions at all found for cato

Exception information:
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/basecommand.py", line 139, in main
    status = self.run(options, args)
  File "/Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/commands/install.py", line 266, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "/Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/req.py", line 1026, in prepare_files
    url = finder.find_requirement(req_to_install, upgrade=self.upgrade)
  File "/Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/index.py", line 171, in find_requirement
    raise DistributionNotFound('No distributions at all found for %s' % req)
DistributionNotFound: No distributions at all found for cato

flyingfrog81 commented Mar 8, 2013

here's the full log:

------------------------------------------------------------
/Library/Frameworks/Python.framework/Versions/Current/bin/pip run on Fri Mar  8 12:44:05 2013
Downloading/unpacking cato

  Getting page https://pypi.python.org/simple/cato/
  Could not fetch URL https://pypi.python.org/simple/cato/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

  Will skip URL https://pypi.python.org/simple/cato/ when looking for download links for cato

  Getting page https://pypi.python.org/simple/
  Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

  Will skip URL https://pypi.python.org/simple/ when looking for download links for cato

  Cannot fetch index base URL https://pypi.python.org/simple/

  URLs to search for versions for cato:
  * https://pypi.python.org/simple/cato/
  Getting page https://pypi.python.org/simple/cato/
  Could not fetch URL https://pypi.python.org/simple/cato/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

  Will skip URL https://pypi.python.org/simple/cato/ when looking for download links for cato

  Could not find any downloads that satisfy the requirement cato

No distributions at all found for cato

Exception information:
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/basecommand.py", line 139, in main
    status = self.run(options, args)
  File "/Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/commands/install.py", line 266, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "/Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/req.py", line 1026, in prepare_files
    url = finder.find_requirement(req_to_install, upgrade=self.upgrade)
  File "/Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/index.py", line 171, in find_requirement
    raise DistributionNotFound('No distributions at all found for %s' % req)
DistributionNotFound: No distributions at all found for cato
@dstufft

This comment has been minimized.

Show comment
Hide comment
@dstufft

dstufft Mar 8, 2013

Member

Can you run with -v so we get the actual SSL error?

Member

dstufft commented Mar 8, 2013

Can you run with -v so we get the actual SSL error?

@qwcode

This comment has been minimized.

Show comment
Hide comment
@qwcode

qwcode Mar 8, 2013

Contributor

there's no more info to be had with -v.
(if you're in github, scroll over to the right)

here's the detail:
<urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

just noticed vinay has some extra logic related to ssl versioning in distlib (@vsajip)
maybe we need that?

https://bitbucket.org/vinay.sajip/distlib/src/a7da9a0641fd96f1a75480206998b6a874467727/distlib/util.py?at=default#cl-1156

Contributor

qwcode commented Mar 8, 2013

there's no more info to be had with -v.
(if you're in github, scroll over to the right)

here's the detail:
<urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

just noticed vinay has some extra logic related to ssl versioning in distlib (@vsajip)
maybe we need that?

https://bitbucket.org/vinay.sajip/distlib/src/a7da9a0641fd96f1a75480206998b6a874467727/distlib/util.py?at=default#cl-1156

@dstufft

This comment has been minimized.

Show comment
Hide comment
@dstufft

dstufft Mar 8, 2013

Member

Oops missed that.

What version of openssl? (python -c "import ssl; print ssl.OPENSSL_VERSION").

Member

dstufft commented Mar 8, 2013

Oops missed that.

What version of openssl? (python -c "import ssl; print ssl.OPENSSL_VERSION").

@qwcode

This comment has been minimized.

Show comment
Hide comment
@qwcode

qwcode Mar 8, 2013

Contributor

fwiw, on a mac that's not failing: OpenSSL 0.9.8r 8 Feb 2011

Contributor

qwcode commented Mar 8, 2013

fwiw, on a mac that's not failing: OpenSSL 0.9.8r 8 Feb 2011

@qwcode

This comment has been minimized.

Show comment
Hide comment
@qwcode

qwcode Mar 8, 2013

Contributor

to be clear, distlib's extra logic is related to python version and ssl protocol version.
this issue just may require an openssl client library upgrade (or recompile) for certain OSX users.

Contributor

qwcode commented Mar 8, 2013

to be clear, distlib's extra logic is related to python version and ssl protocol version.
this issue just may require an openssl client library upgrade (or recompile) for certain OSX users.

@dstufft

This comment has been minimized.

Show comment
Hide comment
@dstufft

dstufft Mar 8, 2013

Member

SSL v2 is known to be insecure, pretty sure PyPI itself disables it but for non PyPI indexes it might be useful for pip to do the same.

Shouldn't be related to the issue at hand though.

Member

dstufft commented Mar 8, 2013

SSL v2 is known to be insecure, pretty sure PyPI itself disables it but for non PyPI indexes it might be useful for pip to do the same.

Shouldn't be related to the issue at hand though.

@qwcode

This comment has been minimized.

Show comment
Hide comment
@qwcode

qwcode Mar 8, 2013

Contributor

opened #832 regarding @dstufft comment about restricting the ssl protocol version

Contributor

qwcode commented Mar 8, 2013

opened #832 regarding @dstufft comment about restricting the ssl protocol version

@tba-apps

This comment has been minimized.

Show comment
Hide comment
@tba-apps

tba-apps Mar 8, 2013

@dstufft Here is my openssl version:

tba:~$ python -c "import ssl; print ssl.OPENSSL_VERSION"
OpenSSL 0.9.7l 28 Sep 2006

Here is the output with -v:

tba:~$ pip install -Uv pip
Could not fetch URL https://pypi.python.org/simple/pip/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:499: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/pip/ when looking for download links for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg
Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:499: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/ when looking for download links for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg
Cannot fetch index base URL https://pypi.python.org/simple/
Could not fetch URL https://pypi.python.org/simple/pip/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:499: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/pip/ when looking for download links for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg
Could not find any downloads that satisfy the requirement pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg
Downloading/unpacking pip
No distributions at all found for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg
Exception information:
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/basecommand.py", line 139, in main
    status = self.run(options, args)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/commands/install.py", line 266, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/req.py", line 1025, in prepare_files
    raise not_found
DistributionNotFound: No distributions at all found for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg

Storing complete log in /Users/tba/.pip/pip.log

Here is the complete log:

tba:~$ cat ~/.pip/pip.log
------------------------------------------------------------
/Library/Frameworks/Python.framework/Versions/2.7/bin/pip run on Fri Mar  8 10:55:12 2013
Getting page https://pypi.python.org/simple/pip/
Could not fetch URL https://pypi.python.org/simple/pip/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:499: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

Will skip URL https://pypi.python.org/simple/pip/ when looking for download links for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg

Getting page https://pypi.python.org/simple/
Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:499: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

Will skip URL https://pypi.python.org/simple/ when looking for download links for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg

Cannot fetch index base URL https://pypi.python.org/simple/

URLs to search for versions for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg:
* https://pypi.python.org/simple/pip/
Getting page https://pypi.python.org/simple/pip/
Could not fetch URL https://pypi.python.org/simple/pip/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:499: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

Will skip URL https://pypi.python.org/simple/pip/ when looking for download links for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg

Could not find any downloads that satisfy the requirement pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg

Downloading/unpacking pip

No distributions at all found for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg

Exception information:
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/basecommand.py", line 139, in main
    status = self.run(options, args)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/commands/install.py", line 266, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/req.py", line 1025, in prepare_files
    raise not_found
DistributionNotFound: No distributions at all found for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg

tba:~$ 

tba-apps commented Mar 8, 2013

@dstufft Here is my openssl version:

tba:~$ python -c "import ssl; print ssl.OPENSSL_VERSION"
OpenSSL 0.9.7l 28 Sep 2006

Here is the output with -v:

tba:~$ pip install -Uv pip
Could not fetch URL https://pypi.python.org/simple/pip/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:499: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/pip/ when looking for download links for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg
Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:499: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/ when looking for download links for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg
Cannot fetch index base URL https://pypi.python.org/simple/
Could not fetch URL https://pypi.python.org/simple/pip/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:499: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/pip/ when looking for download links for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg
Could not find any downloads that satisfy the requirement pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg
Downloading/unpacking pip
No distributions at all found for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg
Exception information:
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/basecommand.py", line 139, in main
    status = self.run(options, args)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/commands/install.py", line 266, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/req.py", line 1025, in prepare_files
    raise not_found
DistributionNotFound: No distributions at all found for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg

Storing complete log in /Users/tba/.pip/pip.log

Here is the complete log:

tba:~$ cat ~/.pip/pip.log
------------------------------------------------------------
/Library/Frameworks/Python.framework/Versions/2.7/bin/pip run on Fri Mar  8 10:55:12 2013
Getting page https://pypi.python.org/simple/pip/
Could not fetch URL https://pypi.python.org/simple/pip/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:499: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

Will skip URL https://pypi.python.org/simple/pip/ when looking for download links for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg

Getting page https://pypi.python.org/simple/
Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:499: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

Will skip URL https://pypi.python.org/simple/ when looking for download links for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg

Cannot fetch index base URL https://pypi.python.org/simple/

URLs to search for versions for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg:
* https://pypi.python.org/simple/pip/
Getting page https://pypi.python.org/simple/pip/
Could not fetch URL https://pypi.python.org/simple/pip/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:499: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

Will skip URL https://pypi.python.org/simple/pip/ when looking for download links for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg

Could not find any downloads that satisfy the requirement pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg

Downloading/unpacking pip

No distributions at all found for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg

Exception information:
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/basecommand.py", line 139, in main
    status = self.run(options, args)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/commands/install.py", line 266, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/req.py", line 1025, in prepare_files
    raise not_found
DistributionNotFound: No distributions at all found for pip in /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg

tba:~$ 
@qwcode

This comment has been minimized.

Show comment
Hide comment
@qwcode

qwcode Mar 8, 2013

Contributor

@tba-apps I don't know much about the OSX macport, homebrew stuff, but can you try an openssl upgrade?

Contributor

qwcode commented Mar 8, 2013

@tba-apps I don't know much about the OSX macport, homebrew stuff, but can you try an openssl upgrade?

@ulyssesv

This comment has been minimized.

Show comment
Hide comment
@ulyssesv

ulyssesv Mar 8, 2013

I was using ActivePython 2.7.2.5 and getting the same error. I switched to a fully brew distribution and now it's working. It doesn't solve the bug, but solved my problem...

brew update
brew install openssl
brew install python --with-brewed-openssl
brew linkapps

And set these vars:

PATH=$(brew --prefix)/share/python:$(brew --prefix)/share/python/bin:$(brew --prefix)/share/python/sbin:$PATH
PYTHONPATH=$(brew --prefix)/lib/python2.7/site-packages:$PYTHONPATH

Check your pip path with which pip, it must be the one in /usr/local/share/python.

Then:

pip install --upgrade distribute
pip install --upgrade pip

Now I'm able to use pip again.

ulyssesv commented Mar 8, 2013

I was using ActivePython 2.7.2.5 and getting the same error. I switched to a fully brew distribution and now it's working. It doesn't solve the bug, but solved my problem...

brew update
brew install openssl
brew install python --with-brewed-openssl
brew linkapps

And set these vars:

PATH=$(brew --prefix)/share/python:$(brew --prefix)/share/python/bin:$(brew --prefix)/share/python/sbin:$PATH
PYTHONPATH=$(brew --prefix)/lib/python2.7/site-packages:$PYTHONPATH

Check your pip path with which pip, it must be the one in /usr/local/share/python.

Then:

pip install --upgrade distribute
pip install --upgrade pip

Now I'm able to use pip again.

@dstufft

This comment has been minimized.

Show comment
Hide comment
@dstufft

dstufft Mar 8, 2013

Member

I wonder if this is an ActivePython issue then.

Member

dstufft commented Mar 8, 2013

I wonder if this is an ActivePython issue then.

@ulyssesv

This comment has been minimized.

Show comment
Hide comment
@ulyssesv

ulyssesv Mar 8, 2013

Probably. Before this setup Python was linked against OpenSSL 0.9.7l 28 Sep 2006 and now it's OpenSSL 1.0.1c 10 May 2012.

I wasn't able to test against the native Mac OS Python though.

ulyssesv commented Mar 8, 2013

Probably. Before this setup Python was linked against OpenSSL 0.9.7l 28 Sep 2006 and now it's OpenSSL 1.0.1c 10 May 2012.

I wasn't able to test against the native Mac OS Python though.

@matino

This comment has been minimized.

Show comment
Hide comment
@matino

matino Mar 12, 2013

Same problem here on Windows 7 with Python 2.7.3 while trying to install any package... I found this problem after upgrading to pip 1.3.1...

matino commented Mar 12, 2013

Same problem here on Windows 7 with Python 2.7.3 while trying to install any package... I found this problem after upgrading to pip 1.3.1...

@pnasrat

This comment has been minimized.

Show comment
Hide comment
@pnasrat

pnasrat Mar 12, 2013

Contributor

@matino please can you include a log or a link to a gist of a log produced with a run with -v.

Contributor

pnasrat commented Mar 12, 2013

@matino please can you include a log or a link to a gist of a log produced with a run with -v.

@matino

This comment has been minimized.

Show comment
Hide comment
@matino

matino Mar 12, 2013

Hi, here it is (result of pip install -Uv django) https://gist.github.com/matino/5143458

matino commented Mar 12, 2013

Hi, here it is (result of pip install -Uv django) https://gist.github.com/matino/5143458

@pnasrat

This comment has been minimized.

Show comment
Hide comment
@pnasrat

pnasrat Mar 12, 2013

Contributor

So your error is

/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
Contributor

pnasrat commented Mar 12, 2013

So your error is

/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed>
@matino

This comment has been minimized.

Show comment
Hide comment
@matino

matino Mar 12, 2013

I can see that the problem may be with the network. On my company network I get the error, but when I switch to 3g it works...
1.2.1 works as expected on both networks though...

matino commented Mar 12, 2013

I can see that the problem may be with the network. On my company network I get the error, but when I switch to 3g it works...
1.2.1 works as expected on both networks though...

@qwcode

This comment has been minimized.

Show comment
Hide comment
@qwcode

qwcode Mar 12, 2013

Contributor

btw, our automated testing for windows includes py27 on 2008 server.
http://jenkins.qwcode.com/job/pip_win_27/

Contributor

qwcode commented Mar 12, 2013

btw, our automated testing for windows includes py27 on 2008 server.
http://jenkins.qwcode.com/job/pip_win_27/

@treyd

This comment has been minimized.

Show comment
Hide comment
@treyd

treyd Mar 12, 2013

I get this same error when I try to use the pip generated when I set up a virtualenv, but natively, pip works fine. My OpenSSL version is also OpenSSL 0.9.7l 28 Sep 2006.

treyd commented Mar 12, 2013

I get this same error when I try to use the pip generated when I set up a virtualenv, but natively, pip works fine. My OpenSSL version is also OpenSSL 0.9.7l 28 Sep 2006.

@qwcode

This comment has been minimized.

Show comment
Hide comment
@qwcode

qwcode Mar 12, 2013

Contributor

@tduskin, is your global pip actually an older version that doesn't use SSL?
run pip --version

Contributor

qwcode commented Mar 12, 2013

@tduskin, is your global pip actually an older version that doesn't use SSL?
run pip --version

@treyd

This comment has been minimized.

Show comment
Hide comment
@treyd

treyd Mar 12, 2013

I'm using pip 1.3.1.

pip 1.3.1 from /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages (python 2.7)

treyd commented Mar 12, 2013

I'm using pip 1.3.1.

pip 1.3.1 from /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages (python 2.7)

@tba-apps

This comment has been minimized.

Show comment
Hide comment
@tba-apps

tba-apps Mar 12, 2013

Switching to brew Python as mentioned by @ulyssesv fixed the issue for me.

tba-apps commented Mar 12, 2013

Switching to brew Python as mentioned by @ulyssesv fixed the issue for me.

@treyd

This comment has been minimized.

Show comment
Hide comment
@treyd

treyd Mar 13, 2013

Upgrading to Python 2.7.3 (available from http://www.python.org/download/releases/2.7.3/) solved this issue for me. I am now able to use pip in my virtualenv.

treyd commented Mar 13, 2013

Upgrading to Python 2.7.3 (available from http://www.python.org/download/releases/2.7.3/) solved this issue for me. I am now able to use pip in my virtualenv.

@douglatornell

This comment has been minimized.

Show comment
Hide comment
@douglatornell

douglatornell Mar 16, 2013

I'm seeing this same issue on OS/X 10.8.2 with Python 2.6.6.

The Python build is the OS/X framework one from python.org
/Library/Frameworks/Python.framework/Versions/2.6/bin/python2.6

The OpenSSL version is OpenSSL 0.9.8r 8 Feb 2011

In my case this is happening in a tox run that tests the package under 2.6, 2.7, 3.2, and 3.3. The failure only happens under 2.6, and only started happening yesterday after I upgraded virtualenv and pip in the environment to:

$ virtualenv --version
1.9.1

and

$ pip --version
pip 1.3.1 from /Users/doug/.virtualenvs/blogofile-dev-3.2/lib/python3.2/site-packages (python 3.2)

pip log from the failure:

------------------------------------------------------------
../bin/pip run on Fri Mar 15 21:03:40 2013
Unpacking /Users/doug/.tox/distshare/Blogofile-0.8b1.zip

  Running setup.py egg_info for package from file:///Users/doug/.tox/distshare/Blogofile-0.8b1.zip

    running egg_info
    creating pip-egg-info/Blogofile.egg-info
    writing requirements to pip-egg-info/Blogofile.egg-info/requires.txt
    writing pip-egg-info/Blogofile.egg-info/PKG-INFO
    writing top-level names to pip-egg-info/Blogofile.egg-info/top_level.txt
    writing dependency_links to pip-egg-info/Blogofile.egg-info/dependency_links.txt
    writing entry points to pip-egg-info/Blogofile.egg-info/entry_points.txt
    writing manifest file 'pip-egg-info/Blogofile.egg-info/SOURCES.txt'
    warning: manifest_maker: standard file '-c' not found
    reading manifest file 'pip-egg-info/Blogofile.egg-info/SOURCES.txt'
    reading manifest template 'MANIFEST.in'
    writing manifest file 'pip-egg-info/Blogofile.egg-info/SOURCES.txt'
  Source in /var/folders/4x/5r9809nn4dg6jql9768bm6dc0000gn/T/pip-dLVbFI-build has version 0.8b1, which satisfies requirement Blogofile==0.8b1 from file:///Users/doug/.tox/distshare/Blogofile-0.8b1.zip
Downloading/unpacking discover

  Getting page https://pypi.python.org/simple/discover/
  Could not fetch URL https://pypi.python.org/simple/discover/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:490: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

  Will skip URL https://pypi.python.org/simple/discover/ when looking for download links for discover

  Getting page https://pypi.python.org/simple/
  Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:490: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

  Will skip URL https://pypi.python.org/simple/ when looking for download links for discover

  Cannot fetch index base URL https://pypi.python.org/simple/

  URLs to search for versions for discover:
  * https://pypi.python.org/simple/discover/
  Getting page https://pypi.python.org/simple/discover/
  Could not fetch URL https://pypi.python.org/simple/discover/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:490: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

  Will skip URL https://pypi.python.org/simple/discover/ when looking for download links for discover

  Could not find any downloads that satisfy the requirement discover

No distributions at all found for discover

Exception information:
Traceback (most recent call last):
  File "/Users/doug/Documents/devel/python/blogofile_blog-dev/.tox/py26/lib/python2.6/site-packages/pip-1.3.1-py2.6.egg/pip/basecommand.py", line 139, in main
    status = self.run(options, args)
  File "/Users/doug/Documents/devel/python/blogofile_blog-dev/.tox/py26/lib/python2.6/site-packages/pip-1.3.1-py2.6.egg/pip/commands/install.py", line 266, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "/Users/doug/Documents/devel/python/blogofile_blog-dev/.tox/py26/lib/python2.6/site-packages/pip-1.3.1-py2.6.egg/pip/req.py", line 1026, in prepare_files
    url = finder.find_requirement(req_to_install, upgrade=self.upgrade)
  File "/Users/doug/Documents/devel/python/blogofile_blog-dev/.tox/py26/lib/python2.6/site-packages/pip-1.3.1-py2.6.egg/pip/index.py", line 171, in find_requirement
    raise DistributionNotFound('No distributions at all found for %s' % req)
DistributionNotFound: No distributions at all found for discover

douglatornell commented Mar 16, 2013

I'm seeing this same issue on OS/X 10.8.2 with Python 2.6.6.

The Python build is the OS/X framework one from python.org
/Library/Frameworks/Python.framework/Versions/2.6/bin/python2.6

The OpenSSL version is OpenSSL 0.9.8r 8 Feb 2011

In my case this is happening in a tox run that tests the package under 2.6, 2.7, 3.2, and 3.3. The failure only happens under 2.6, and only started happening yesterday after I upgraded virtualenv and pip in the environment to:

$ virtualenv --version
1.9.1

and

$ pip --version
pip 1.3.1 from /Users/doug/.virtualenvs/blogofile-dev-3.2/lib/python3.2/site-packages (python 3.2)

pip log from the failure:

------------------------------------------------------------
../bin/pip run on Fri Mar 15 21:03:40 2013
Unpacking /Users/doug/.tox/distshare/Blogofile-0.8b1.zip

  Running setup.py egg_info for package from file:///Users/doug/.tox/distshare/Blogofile-0.8b1.zip

    running egg_info
    creating pip-egg-info/Blogofile.egg-info
    writing requirements to pip-egg-info/Blogofile.egg-info/requires.txt
    writing pip-egg-info/Blogofile.egg-info/PKG-INFO
    writing top-level names to pip-egg-info/Blogofile.egg-info/top_level.txt
    writing dependency_links to pip-egg-info/Blogofile.egg-info/dependency_links.txt
    writing entry points to pip-egg-info/Blogofile.egg-info/entry_points.txt
    writing manifest file 'pip-egg-info/Blogofile.egg-info/SOURCES.txt'
    warning: manifest_maker: standard file '-c' not found
    reading manifest file 'pip-egg-info/Blogofile.egg-info/SOURCES.txt'
    reading manifest template 'MANIFEST.in'
    writing manifest file 'pip-egg-info/Blogofile.egg-info/SOURCES.txt'
  Source in /var/folders/4x/5r9809nn4dg6jql9768bm6dc0000gn/T/pip-dLVbFI-build has version 0.8b1, which satisfies requirement Blogofile==0.8b1 from file:///Users/doug/.tox/distshare/Blogofile-0.8b1.zip
Downloading/unpacking discover

  Getting page https://pypi.python.org/simple/discover/
  Could not fetch URL https://pypi.python.org/simple/discover/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:490: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

  Will skip URL https://pypi.python.org/simple/discover/ when looking for download links for discover

  Getting page https://pypi.python.org/simple/
  Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:490: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

  Will skip URL https://pypi.python.org/simple/ when looking for download links for discover

  Cannot fetch index base URL https://pypi.python.org/simple/

  URLs to search for versions for discover:
  * https://pypi.python.org/simple/discover/
  Getting page https://pypi.python.org/simple/discover/
  Could not fetch URL https://pypi.python.org/simple/discover/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:490: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

  Will skip URL https://pypi.python.org/simple/discover/ when looking for download links for discover

  Could not find any downloads that satisfy the requirement discover

No distributions at all found for discover

Exception information:
Traceback (most recent call last):
  File "/Users/doug/Documents/devel/python/blogofile_blog-dev/.tox/py26/lib/python2.6/site-packages/pip-1.3.1-py2.6.egg/pip/basecommand.py", line 139, in main
    status = self.run(options, args)
  File "/Users/doug/Documents/devel/python/blogofile_blog-dev/.tox/py26/lib/python2.6/site-packages/pip-1.3.1-py2.6.egg/pip/commands/install.py", line 266, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "/Users/doug/Documents/devel/python/blogofile_blog-dev/.tox/py26/lib/python2.6/site-packages/pip-1.3.1-py2.6.egg/pip/req.py", line 1026, in prepare_files
    url = finder.find_requirement(req_to_install, upgrade=self.upgrade)
  File "/Users/doug/Documents/devel/python/blogofile_blog-dev/.tox/py26/lib/python2.6/site-packages/pip-1.3.1-py2.6.egg/pip/index.py", line 171, in find_requirement
    raise DistributionNotFound('No distributions at all found for %s' % req)
DistributionNotFound: No distributions at all found for discover
@rasky

This comment has been minimized.

Show comment
Hide comment
@rasky

rasky Mar 16, 2013

The error is:

Could not fetch URL https://pypi.python.org/simple/discover/: There was a problem confirming the ssl certificate: 
<urlopen error [Errno 1] _ssl.c:490: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown 
message digest algorithm>

But PyPI certificate (which is *.python.org) uses SHA1 as message digest. It's weird that anything would not support it, even if a few years old.

I tried reproducing it with this setup:

  • OSX 10.8.2
  • OpenSSL 0.9.8r 8 Feb 2011 (default from Apple)
  • Python 2.6.7 (default from Apple)
  • Virtualenv 1.9.1
  • pip 1.3.1

And I cannot reproduce it. If I created a virtualenv with Python 2.6 (using virtualenv -p python2.6), and then run pip to install any package, it is able to correctly connect to PyPI and download it without any SSL warning.

It looks like the only difference is that you're using Python 2.6 from python.org. Can you please try whether using the system Python 2.6 fixes it?

rasky commented Mar 16, 2013

The error is:

Could not fetch URL https://pypi.python.org/simple/discover/: There was a problem confirming the ssl certificate: 
<urlopen error [Errno 1] _ssl.c:490: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown 
message digest algorithm>

But PyPI certificate (which is *.python.org) uses SHA1 as message digest. It's weird that anything would not support it, even if a few years old.

I tried reproducing it with this setup:

  • OSX 10.8.2
  • OpenSSL 0.9.8r 8 Feb 2011 (default from Apple)
  • Python 2.6.7 (default from Apple)
  • Virtualenv 1.9.1
  • pip 1.3.1

And I cannot reproduce it. If I created a virtualenv with Python 2.6 (using virtualenv -p python2.6), and then run pip to install any package, it is able to correctly connect to PyPI and download it without any SSL warning.

It looks like the only difference is that you're using Python 2.6 from python.org. Can you please try whether using the system Python 2.6 fixes it?

@dougalsutherland

This comment has been minimized.

Show comment
Hide comment
@dougalsutherland

dougalsutherland Mar 18, 2013

For what it's worth, I'm seeing the same error on

  • OSX 10.8.3
  • default Apple OpenSSL
  • Virtualenv 1.9.1
  • pip 1.3.1

when I use the Python 2.7.3 that comes in EPD 7.3-2 in a virtualenv. I don't see the error using that same python outside of a virtualenv or using the system python 2.7.2.

dougalsutherland commented Mar 18, 2013

For what it's worth, I'm seeing the same error on

  • OSX 10.8.3
  • default Apple OpenSSL
  • Virtualenv 1.9.1
  • pip 1.3.1

when I use the Python 2.7.3 that comes in EPD 7.3-2 in a virtualenv. I don't see the error using that same python outside of a virtualenv or using the system python 2.7.2.

@olivierverdier

This comment has been minimized.

Show comment
Hide comment
@olivierverdier

olivierverdier Mar 20, 2013

Same problem here, without virtualenv.

My setting is a vanilla install from EPD. The steps to reproduce the error, on Mac OS X 10.8.2 are

  • Install EPD 7.3
  • easy_install pip
  • pip install --upgrade ipython

You will get the same error as everyone else:

/Library/Frameworks/Python.framework/Versions/7.3/bin/pip run on Wed Mar 20 10:58:59 2013
Getting page https://pypi.python.org/simple/ipython/
Could not fetch URL https://pypi.python.org/simple/ipython/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

Will skip URL https://pypi.python.org/simple/ipython/ when looking for download links for ipython in /Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages

Getting page https://pypi.python.org/simple/
Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

Will skip URL https://pypi.python.org/simple/ when looking for download links for ipython in /Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages

Cannot fetch index base URL https://pypi.python.org/simple/

URLs to search for versions for ipython in /Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages:
* https://pypi.python.org/simple/ipython/
Getting page https://pypi.python.org/simple/ipython/
Could not fetch URL https://pypi.python.org/simple/ipython/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

Will skip URL https://pypi.python.org/simple/ipython/ when looking for download links for ipython in /Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages

Could not find any downloads that satisfy the requirement ipython in /Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages

Downloading/unpacking ipython

No distributions at all found for ipython in /Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages

Exception information:
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/basecommand.py", line 139, in main
    status = self.run(options, args)
  File "/Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/commands/install.py", line 266, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "/Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/req.py", line 1025, in prepare_files
    raise not_found
DistributionNotFound: No distributions at all found for ipython in /Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages

olivierverdier commented Mar 20, 2013

Same problem here, without virtualenv.

My setting is a vanilla install from EPD. The steps to reproduce the error, on Mac OS X 10.8.2 are

  • Install EPD 7.3
  • easy_install pip
  • pip install --upgrade ipython

You will get the same error as everyone else:

/Library/Frameworks/Python.framework/Versions/7.3/bin/pip run on Wed Mar 20 10:58:59 2013
Getting page https://pypi.python.org/simple/ipython/
Could not fetch URL https://pypi.python.org/simple/ipython/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

Will skip URL https://pypi.python.org/simple/ipython/ when looking for download links for ipython in /Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages

Getting page https://pypi.python.org/simple/
Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

Will skip URL https://pypi.python.org/simple/ when looking for download links for ipython in /Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages

Cannot fetch index base URL https://pypi.python.org/simple/

URLs to search for versions for ipython in /Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages:
* https://pypi.python.org/simple/ipython/
Getting page https://pypi.python.org/simple/ipython/
Could not fetch URL https://pypi.python.org/simple/ipython/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>

Will skip URL https://pypi.python.org/simple/ipython/ when looking for download links for ipython in /Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages

Could not find any downloads that satisfy the requirement ipython in /Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages

Downloading/unpacking ipython

No distributions at all found for ipython in /Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages

Exception information:
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/basecommand.py", line 139, in main
    status = self.run(options, args)
  File "/Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/commands/install.py", line 266, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "/Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg/pip/req.py", line 1025, in prepare_files
    raise not_found
DistributionNotFound: No distributions at all found for ipython in /Library/Frameworks/Python.framework/Versions/7.3/lib/python2.7/site-packages
@olivierverdier

This comment has been minimized.

Show comment
Hide comment
@olivierverdier

olivierverdier Mar 20, 2013

For what it's worth, my problem was asked, and fixed, on SO: http://stackoverflow.com/questions/15441224/can-i-relink-enthought-python-to-new-version-of-openssl-on-mac-os-x

The solution is simply to downgrade pip with

easy_install pip==1.2.1

olivierverdier commented Mar 20, 2013

For what it's worth, my problem was asked, and fixed, on SO: http://stackoverflow.com/questions/15441224/can-i-relink-enthought-python-to-new-version-of-openssl-on-mac-os-x

The solution is simply to downgrade pip with

easy_install pip==1.2.1
@douglatornell

This comment has been minimized.

Show comment
Hide comment
@douglatornell

douglatornell Mar 21, 2013

@rasky I tried with a virtualenv based on the OS/X 10.8.2 system Python 2.6.7 as you requested, and I get the same result that you do - pip 1.3.1 installs packages without difficulty.

So, it would seem that the problem lies in the linkage of the installed OpenSSL library to the python.org Python 2.6.6 framework.

douglatornell commented Mar 21, 2013

@rasky I tried with a virtualenv based on the OS/X 10.8.2 system Python 2.6.7 as you requested, and I get the same result that you do - pip 1.3.1 installs packages without difficulty.

So, it would seem that the problem lies in the linkage of the installed OpenSSL library to the python.org Python 2.6.6 framework.

@davethecipo

This comment has been minimized.

Show comment
Hide comment
@davethecipo

davethecipo Mar 22, 2013

I have the same problem (no virtualenv) on archlinux ARM (running on the raspberry py). pip version: 1.3.1

davethecipo commented Mar 22, 2013

I have the same problem (no virtualenv) on archlinux ARM (running on the raspberry py). pip version: 1.3.1

@jasonkeene

This comment has been minimized.

Show comment
Hide comment
@jasonkeene

jasonkeene Mar 26, 2013

I have the same issue on python 2.6.6 OSX 10.6.8. Upgraded pip/distribute. Going to try reinstalling 2.6 and see if it fixes.

jasonkeene commented Mar 26, 2013

I have the same issue on python 2.6.6 OSX 10.6.8. Upgraded pip/distribute. Going to try reinstalling 2.6 and see if it fixes.

@ghost

This comment has been minimized.

Show comment
Hide comment
@ghost

ghost Mar 27, 2013

Downgrading to an older version of pip was the only thing I found that solved this. Did pypi change their certs or something?

ghost commented Mar 27, 2013

Downgrading to an older version of pip was the only thing I found that solved this. Did pypi change their certs or something?

@qwcode

This comment has been minimized.

Show comment
Hide comment
@qwcode

qwcode Mar 27, 2013

Contributor

@hivelocity ssl cert support is new in pip-1.3.1. many osx users have fixed this by getting to a python distribution that's linked against a newer openssl lib.

Contributor

qwcode commented Mar 27, 2013

@hivelocity ssl cert support is new in pip-1.3.1. many osx users have fixed this by getting to a python distribution that's linked against a newer openssl lib.

@mbarczak

This comment has been minimized.

Show comment
Hide comment
@mbarczak

mbarczak Apr 3, 2013

Same problem on pip 1.3.1(python 2.7.3) in Tomato enable router . Solved by downgrading pip to 1.2.1.

mbarczak commented Apr 3, 2013

Same problem on pip 1.3.1(python 2.7.3) in Tomato enable router . Solved by downgrading pip to 1.2.1.

@dubois

This comment has been minimized.

Show comment
Hide comment
@dubois

dubois Apr 4, 2013

FWIW, I am seeing this on a windows machine. Python 2.6.2, virtualenv 1.9.1 (which installs pip 1.3.1)

dubois commented Apr 4, 2013

FWIW, I am seeing this on a windows machine. Python 2.6.2, virtualenv 1.9.1 (which installs pip 1.3.1)

@qwcode

This comment has been minimized.

Show comment
Hide comment
@qwcode

qwcode Apr 4, 2013

Contributor

@dubois , can you report the text of your ssl error, also python -c "import ssl; print ssl.OPENSSL_VERSION" , thanks.

Contributor

qwcode commented Apr 4, 2013

@dubois , can you report the text of your ssl error, also python -c "import ssl; print ssl.OPENSSL_VERSION" , thanks.

@dubois

This comment has been minimized.

Show comment
Hide comment
@dubois

dubois Apr 9, 2013

Could not fetch URL https://pypi.python.org/simple/South/: There was a problem confirming the ssl certificate:
<urlopen error [Errno 1] _ssl.c:480: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm>

I forgot to mention earlier that the failing computer uses ActivePython 2.6.2.2, not a stock python.org build. OPENSSL_VERSION is a 2.7 feature, but "strings _ssl.pyd" shows "OpenSSL 0.9.8k 25 Mar 2009".

Additionally, I can confirm that (in Win32) upgrading to ActivePython 2.6.7.20 fixes the problem. Its_ssl.pyd uses OpenSSL 0.9.8r 8 Feb 2011. I believe ActiveState is a little more aggressive about updating OpenSSL in their builds, so YMMV if using a python.org build.

dubois commented Apr 9, 2013

Could not fetch URL https://pypi.python.org/simple/South/: There was a problem confirming the ssl certificate:
<urlopen error [Errno 1] _ssl.c:480: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm>

I forgot to mention earlier that the failing computer uses ActivePython 2.6.2.2, not a stock python.org build. OPENSSL_VERSION is a 2.7 feature, but "strings _ssl.pyd" shows "OpenSSL 0.9.8k 25 Mar 2009".

Additionally, I can confirm that (in Win32) upgrading to ActivePython 2.6.7.20 fixes the problem. Its_ssl.pyd uses OpenSSL 0.9.8r 8 Feb 2011. I believe ActiveState is a little more aggressive about updating OpenSSL in their builds, so YMMV if using a python.org build.

@qwcode

This comment has been minimized.

Show comment
Hide comment
@qwcode

qwcode Apr 9, 2013

Contributor

thanks @dubois. just updated the description to more relevant to OSX and windows users.

Contributor

qwcode commented Apr 9, 2013

thanks @dubois. just updated the description to more relevant to OSX and windows users.

@jefreybulla

This comment has been minimized.

Show comment
Hide comment
@jefreybulla

jefreybulla Apr 15, 2013

@olivierverdier I tried different solutions proposed in this page, but yours was the one that work for me. I had to downgrade Pip:

easy_install pip==1.2.1

jefreybulla commented Apr 15, 2013

@olivierverdier I tried different solutions proposed in this page, but yours was the one that work for me. I had to downgrade Pip:

easy_install pip==1.2.1

@tash88

This comment has been minimized.

Show comment
Hide comment
@tash88

tash88 Apr 21, 2013

Hi, I would like to download nltk package for python and always get an error message saying that there is a problem confirming the ssl certificate. I'd really appreciate it if you could recommend me a solution to my problem :) here is the log:

Last login: Sun Apr 21 12:52:49 on ttys000
macbook-macbook-demo-2:~ MacBookDemo$ python -V
Python 2.7.4
macbook-macbook-demo-2:~ MacBookDemo$ sudo sh /Users/MacBookDemo/Downloads/setuptools-0.6c11-py2.7.egg
Password:
NProcessing setuptools-0.6c11-py2.7.egg
Removing /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg
Copying setuptools-0.6c11-py2.7.egg to /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages
setuptools 0.6c11 is already the active version in easy-install.pth
Installing easy_install script to /Library/Frameworks/Python.framework/Versions/2.7/bin
Installing easy_install-2.7 script to /Library/Frameworks/Python.framework/Versions/2.7/bin

Installed /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg
Processing dependencies for setuptools==0.6c11
Finished processing dependencies for setuptools==0.6c11
macbook-macbook-demo-2:~ MacBookDemo$
macbook-macbook-demo-2:~ MacBookDemo$ sudo easy_install pip
Searching for pip
Best match: pip 1.3.1
Processing pip-1.3.1-py2.7.egg
pip 1.3.1 is already the active version in easy-install.pth
Installing pip script to /Library/Frameworks/Python.framework/Versions/2.7/bin
Installing pip-2.7 script to /Library/Frameworks/Python.framework/Versions/2.7/bin

Using /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg
Processing dependencies for pip
Finished processing dependencies for pip
macbook-macbook-demo-2:~ MacBookDemo$ sudo pip install -U numpy
Downloading/unpacking numpy
Could not fetch URL https://pypi.python.org/simple/numpy/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/numpy/ when looking for download links for numpy
Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/ when looking for download links for numpy
Cannot fetch index base URL https://pypi.python.org/simple/
Could not fetch URL https://pypi.python.org/simple/numpy/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/numpy/ when looking for download links for numpy
Could not find any downloads that satisfy the requirement numpy
No distributions at all found for numpy
Storing complete log in /Users/MacBookDemo/.pip/pip.log
macbook-macbook-demo-2:~ MacBookDemo$ sudo pip install -U pyyaml nltk
Downloading/unpacking pyyaml
Could not fetch URL https://pypi.python.org/simple/pyyaml/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/pyyaml/ when looking for download links for pyyaml
Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/ when looking for download links for pyyaml
Cannot fetch index base URL https://pypi.python.org/simple/
Could not fetch URL https://pypi.python.org/simple/pyyaml/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/pyyaml/ when looking for download links for pyyaml
Could not find any downloads that satisfy the requirement pyyaml
No distributions at all found for pyyaml
Storing complete log in /Users/MacBookDemo/.pip/pip.log
macbook-macbook-demo-2:~ MacBookDemo$

tash88 commented Apr 21, 2013

Hi, I would like to download nltk package for python and always get an error message saying that there is a problem confirming the ssl certificate. I'd really appreciate it if you could recommend me a solution to my problem :) here is the log:

Last login: Sun Apr 21 12:52:49 on ttys000
macbook-macbook-demo-2:~ MacBookDemo$ python -V
Python 2.7.4
macbook-macbook-demo-2:~ MacBookDemo$ sudo sh /Users/MacBookDemo/Downloads/setuptools-0.6c11-py2.7.egg
Password:
NProcessing setuptools-0.6c11-py2.7.egg
Removing /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg
Copying setuptools-0.6c11-py2.7.egg to /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages
setuptools 0.6c11 is already the active version in easy-install.pth
Installing easy_install script to /Library/Frameworks/Python.framework/Versions/2.7/bin
Installing easy_install-2.7 script to /Library/Frameworks/Python.framework/Versions/2.7/bin

Installed /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/setuptools-0.6c11-py2.7.egg
Processing dependencies for setuptools==0.6c11
Finished processing dependencies for setuptools==0.6c11
macbook-macbook-demo-2:~ MacBookDemo$
macbook-macbook-demo-2:~ MacBookDemo$ sudo easy_install pip
Searching for pip
Best match: pip 1.3.1
Processing pip-1.3.1-py2.7.egg
pip 1.3.1 is already the active version in easy-install.pth
Installing pip script to /Library/Frameworks/Python.framework/Versions/2.7/bin
Installing pip-2.7 script to /Library/Frameworks/Python.framework/Versions/2.7/bin

Using /Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg
Processing dependencies for pip
Finished processing dependencies for pip
macbook-macbook-demo-2:~ MacBookDemo$ sudo pip install -U numpy
Downloading/unpacking numpy
Could not fetch URL https://pypi.python.org/simple/numpy/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/numpy/ when looking for download links for numpy
Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/ when looking for download links for numpy
Cannot fetch index base URL https://pypi.python.org/simple/
Could not fetch URL https://pypi.python.org/simple/numpy/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/numpy/ when looking for download links for numpy
Could not find any downloads that satisfy the requirement numpy
No distributions at all found for numpy
Storing complete log in /Users/MacBookDemo/.pip/pip.log
macbook-macbook-demo-2:~ MacBookDemo$ sudo pip install -U pyyaml nltk
Downloading/unpacking pyyaml
Could not fetch URL https://pypi.python.org/simple/pyyaml/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/pyyaml/ when looking for download links for pyyaml
Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/ when looking for download links for pyyaml
Cannot fetch index base URL https://pypi.python.org/simple/
Could not fetch URL https://pypi.python.org/simple/pyyaml/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
Will skip URL https://pypi.python.org/simple/pyyaml/ when looking for download links for pyyaml
Could not find any downloads that satisfy the requirement pyyaml
No distributions at all found for pyyaml
Storing complete log in /Users/MacBookDemo/.pip/pip.log
macbook-macbook-demo-2:~ MacBookDemo$

@JacquesBBB

This comment has been minimized.

Show comment
Hide comment
@JacquesBBB

JacquesBBB May 15, 2013

I had the same problem with pip on a Beagle Bone Black
with

root@beaglebone:~# cat /proc/version
Linux version 3.8.13 (koen@rrMBP) (gcc version 4.7.3 20130205 (prerelease) (Linaro GCC 4.7-2013.02-01) ) #1 SMP Mon May 13 08:43:47 CEST 2013

root@beaglebone:~# pip --version
pip 1.3.1 from /usr/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg (python 2.7)

pip install pyFirmata
Downloading/unpacking pyFirmata
Could not fetch URL https://pypi.python.org/simple/pyFirmata/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_C

The problem was solved by downgrading to
root@beaglebone:~# pip --version
pip 1.2.1 from /usr/lib/python2.7/site-packages/pip-1.2.1-py2.7.egg (python 2.7)

Hope it will be solved in new versions.

Thanks for the help.

Jacques

JacquesBBB commented May 15, 2013

I had the same problem with pip on a Beagle Bone Black
with

root@beaglebone:~# cat /proc/version
Linux version 3.8.13 (koen@rrMBP) (gcc version 4.7.3 20130205 (prerelease) (Linaro GCC 4.7-2013.02-01) ) #1 SMP Mon May 13 08:43:47 CEST 2013

root@beaglebone:~# pip --version
pip 1.3.1 from /usr/lib/python2.7/site-packages/pip-1.3.1-py2.7.egg (python 2.7)

pip install pyFirmata
Downloading/unpacking pyFirmata
Could not fetch URL https://pypi.python.org/simple/pyFirmata/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_C

The problem was solved by downgrading to
root@beaglebone:~# pip --version
pip 1.2.1 from /usr/lib/python2.7/site-packages/pip-1.2.1-py2.7.egg (python 2.7)

Hope it will be solved in new versions.

Thanks for the help.

Jacques

@qwcode

This comment has been minimized.

Show comment
Hide comment
@qwcode

qwcode May 15, 2013

Contributor

@JacquesBBB at this time, there are no plans to make in changes in pip for this.
from the description: "there are currently no plans to offer a fix for this other than to recommend people to use a python that is linked to a more recent version of openssl."

Contributor

qwcode commented May 15, 2013

@JacquesBBB at this time, there are no plans to make in changes in pip for this.
from the description: "there are currently no plans to offer a fix for this other than to recommend people to use a python that is linked to a more recent version of openssl."

@yassersouri

This comment has been minimized.

Show comment
Hide comment
@yassersouri

yassersouri Jul 3, 2013

@qwcode I just downgraded my pip from 1.3.1 to 1.2.1 to fix this issue.

I think it should check my version of openssl linked to python when I install pip.

yassersouri commented Jul 3, 2013

@qwcode I just downgraded my pip from 1.3.1 to 1.2.1 to fix this issue.

I think it should check my version of openssl linked to python when I install pip.

@dannystaple

This comment has been minimized.

Show comment
Hide comment
@dannystaple

dannystaple Jul 11, 2013

This applies also to FC 17 too - on Linux. I have downgraded to 1.2.1. Perhaps 1.3.1 should no longer be recommended until this is fixed - it afflicts more than one of the boxes I work with.

dannystaple commented Jul 11, 2013

This applies also to FC 17 too - on Linux. I have downgraded to 1.2.1. Perhaps 1.3.1 should no longer be recommended until this is fixed - it afflicts more than one of the boxes I work with.

@dstufft

This comment has been minimized.

Show comment
Hide comment
@dstufft

dstufft Jul 11, 2013

Member

Downgrading to pip 1.2 means you're downloading packages with zero authentication and then executing the code inside of them. I hope for your sake your computer is never on a malicious network because it's absolutely trivial for an attacker to pwn your box if you're using 1.2.

If this is affecting boxes you're working with it is imperative that you install using pip 1.3+. Doing otherwise is highly insecure.

Member

dstufft commented Jul 11, 2013

Downgrading to pip 1.2 means you're downloading packages with zero authentication and then executing the code inside of them. I hope for your sake your computer is never on a malicious network because it's absolutely trivial for an attacker to pwn your box if you're using 1.2.

If this is affecting boxes you're working with it is imperative that you install using pip 1.3+. Doing otherwise is highly insecure.

@dannystaple

This comment has been minimized.

Show comment
Hide comment
@dannystaple

dannystaple Jul 11, 2013

Which linux distro's and mac sidekick distro's actually have a compliant Python 2.7.x binary in them? I can understand the need for security - but right now it is effectively broken for people who aren't downloading the build tools and recompiling their own python. It may seem lazy not to want to do so - but I've not needed to merely to use pip packaging before.

dannystaple commented Jul 11, 2013

Which linux distro's and mac sidekick distro's actually have a compliant Python 2.7.x binary in them? I can understand the need for security - but right now it is effectively broken for people who aren't downloading the build tools and recompiling their own python. It may seem lazy not to want to do so - but I've not needed to merely to use pip packaging before.

@dstufft

This comment has been minimized.

Show comment
Hide comment
@dstufft

dstufft Jul 11, 2013

Member

It works fine with Homebew Python on OSX and Ubuntu 12.04 LTS. I don't have other distributions handy to take a look to build some compatibility matrix. I don't mean to be dismissive but if the distribution you're using provides a openssl that doesn't work with SSL certs w/ sha1 they are shipping an insecure openssl afaik. Using MD5 digests for SSL certificates are vulnerable to collision attacks.

Member

dstufft commented Jul 11, 2013

It works fine with Homebew Python on OSX and Ubuntu 12.04 LTS. I don't have other distributions handy to take a look to build some compatibility matrix. I don't mean to be dismissive but if the distribution you're using provides a openssl that doesn't work with SSL certs w/ sha1 they are shipping an insecure openssl afaik. Using MD5 digests for SSL certificates are vulnerable to collision attacks.

@dstufft

This comment has been minimized.

Show comment
Hide comment
@dstufft

dstufft Jul 14, 2013

Member

I'm going to close this ticket. There's no actionable item here. People with old versions of openssl that don't support sha1 SSL certificates need to upgrade or else they are insecure. If they wish to be insecure they can continue using pip 1.2.

Member

dstufft commented Jul 14, 2013

I'm going to close this ticket. There's no actionable item here. People with old versions of openssl that don't support sha1 SSL certificates need to upgrade or else they are insecure. If they wish to be insecure they can continue using pip 1.2.

@dstufft dstufft closed this Jul 14, 2013

matthew-brett added a commit to nipy/nibotmi that referenced this issue Mar 5, 2014

RF: remove python 2.6 mpkg build
Python 2.6 binary installer on OSX now appears to be too old to use up-to-date
pip for installing - it gives SSL certificate errors:

pypa/pip#829

Remove Python 2.6 OSX binary builders.
@pedroteixeira

This comment has been minimized.

Show comment
Hide comment
@pedroteixeira

pedroteixeira Apr 10, 2014

This issue still happens.. even trying to access a https url with a valid ssl certificate, even with the new openssl version:

python -c "import ssl; print ssl.OPENSSL_VERSION"
OpenSSL 1.0.1e 11 Feb 2013

Not really sure what's causing:

connection error: [Errno 1] _ssl.c:509: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

pedroteixeira commented Apr 10, 2014

This issue still happens.. even trying to access a https url with a valid ssl certificate, even with the new openssl version:

python -c "import ssl; print ssl.OPENSSL_VERSION"
OpenSSL 1.0.1e 11 Feb 2013

Not really sure what's causing:

connection error: [Errno 1] _ssl.c:509: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
@Ivoz

This comment has been minimized.

Show comment
Hide comment
@Ivoz

Ivoz Apr 11, 2014

Member

@pedroteixeira could you open a new issue with information on your OS, python, and url you were trying to download? It seems a different OpenSSL issue than the original issue.

Member

Ivoz commented Apr 11, 2014

@pedroteixeira could you open a new issue with information on your OS, python, and url you were trying to download? It seems a different OpenSSL issue than the original issue.

@pedroteixeira

This comment has been minimized.

Show comment
Hide comment
@pedroteixeira

pedroteixeira Apr 11, 2014

it happens when using a wildcard ssl certificate + simple nginx index -- buts it's probably not a pip issue. I'll try to troubleshoot it better before posting.

pedroteixeira commented Apr 11, 2014

it happens when using a wildcard ssl certificate + simple nginx index -- buts it's probably not a pip issue. I'll try to troubleshoot it better before posting.

@kyledmoore

This comment has been minimized.

Show comment
Hide comment
@kyledmoore

kyledmoore Apr 30, 2014

I have this issue and in my case I'm fairly certain it's due to my company's proxy (all HTTPS traffic is routed through it). I'd guess this is the same deal with many others who are unaware of such a proxy MIM setup. I need to add my co's root CA cert to whatever cert store python uses, but I'm new to Python and am unsure how this is done.

I added the pem data to C:\Python34\Lib\site-packages\pip_vendor\requests\cacert.pem, but no go. I guess i'll decode the installer bin, extract it and see what args I might be able to pass in to disable validation or retrieve the libs from another (local) location.

EDIT: N/M, found bootstrap below base64 blob and saw reference to PIP_CERT env var. I ran get-pip again using alternate pem and did not get the error, although, the output suggested it installed successfully in the prior runs:

Requirement already up-to-date: pip in c:\python34\lib\site-packages
Cleaning up...

kyledmoore commented Apr 30, 2014

I have this issue and in my case I'm fairly certain it's due to my company's proxy (all HTTPS traffic is routed through it). I'd guess this is the same deal with many others who are unaware of such a proxy MIM setup. I need to add my co's root CA cert to whatever cert store python uses, but I'm new to Python and am unsure how this is done.

I added the pem data to C:\Python34\Lib\site-packages\pip_vendor\requests\cacert.pem, but no go. I guess i'll decode the installer bin, extract it and see what args I might be able to pass in to disable validation or retrieve the libs from another (local) location.

EDIT: N/M, found bootstrap below base64 blob and saw reference to PIP_CERT env var. I ran get-pip again using alternate pem and did not get the error, although, the output suggested it installed successfully in the prior runs:

Requirement already up-to-date: pip in c:\python34\lib\site-packages
Cleaning up...

matthew-brett added a commit to python-pillow/pillow-wheels that referenced this issue Jul 4, 2014

RF: remove 2.6 build
2.6 build hit a problem with old pip and SSL:
pypa/pip#829

Rather than struggle through, just remove that build.
@adamjmendoza

This comment has been minimized.

Show comment
Hide comment
@adamjmendoza

adamjmendoza Jul 11, 2014

This issue still happens with the latest version of python and pip on Windows 8.1.

C:\Windows\system32>python -V
Python 3.4.1

C:\Windows\system32>pip --version
pip 1.5.6 from C:\Python34\lib\site-packages (python 3.4)

C:\Windows\system32>


C:\Windows\system32>pip install ssl
Downloading/unpacking ssl
  Cannot fetch index base URL https://pypi.python.org/simple/
  Could not find any downloads that satisfy the requirement ssl
Cleaning up...
No distributions at all found for ssl
Storing debug log for failure in C:\Users\adam\pip\pip.log

C:\Windows\system32>

adamjmendoza commented Jul 11, 2014

This issue still happens with the latest version of python and pip on Windows 8.1.

C:\Windows\system32>python -V
Python 3.4.1

C:\Windows\system32>pip --version
pip 1.5.6 from C:\Python34\lib\site-packages (python 3.4)

C:\Windows\system32>


C:\Windows\system32>pip install ssl
Downloading/unpacking ssl
  Cannot fetch index base URL https://pypi.python.org/simple/
  Could not find any downloads that satisfy the requirement ssl
Cleaning up...
No distributions at all found for ssl
Storing debug log for failure in C:\Users\adam\pip\pip.log

C:\Windows\system32>
@Ivoz

This comment has been minimized.

Show comment
Hide comment
@Ivoz

Ivoz Jul 12, 2014

Member

@adamjmendoza any detailed notes on what your actual error is?

Member

Ivoz commented Jul 12, 2014

@adamjmendoza any detailed notes on what your actual error is?

@adamjmendoza

This comment has been minimized.

Show comment
Hide comment
@adamjmendoza

adamjmendoza Jul 12, 2014

@Ivoz ,
This is the error log. I tried with pymongo and ssl.

------------------------------------------------------------
C:\Python34\Scripts\pip run on 07/11/14 11:30:44
Downloading/unpacking ssl
  Getting page https://pypi.python.org/simple/ssl/
  Could not fetch URL https://pypi.python.org/simple/ssl/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/ssl/ when looking for download links for ssl
  Getting page https://pypi.python.org/simple/
  Could not fetch URL https://pypi.python.org/simple/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/ when looking for download links for ssl
  Cannot fetch index base URL https://pypi.python.org/simple/
  URLs to search for versions for ssl:
  * https://pypi.python.org/simple/ssl/
  Getting page https://pypi.python.org/simple/ssl/
  Could not fetch URL https://pypi.python.org/simple/ssl/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/ssl/ when looking for download links for ssl
  Could not find any downloads that satisfy the requirement ssl
Cleaning up...
  Removing temporary dir C:\Users\adam\AppData\Local\Temp\pip_build_adam...
No distributions at all found for ssl
Exception information:
Traceback (most recent call last):
  File "C:\Python34\lib\site-packages\pip\basecommand.py", line 122, in main
    status = self.run(options, args)
  File "C:\Python34\lib\site-packages\pip\commands\install.py", line 278, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "C:\Python34\lib\site-packages\pip\req.py", line 1177, in prepare_files
    url = finder.find_requirement(req_to_install, upgrade=self.upgrade)
  File "C:\Python34\lib\site-packages\pip\index.py", line 277, in find_requirement
    raise DistributionNotFound('No distributions at all found for %s' % req)
pip.exceptions.DistributionNotFound: No distributions at all found for ssl

adamjmendoza commented Jul 12, 2014

@Ivoz ,
This is the error log. I tried with pymongo and ssl.

------------------------------------------------------------
C:\Python34\Scripts\pip run on 07/11/14 11:30:44
Downloading/unpacking ssl
  Getting page https://pypi.python.org/simple/ssl/
  Could not fetch URL https://pypi.python.org/simple/ssl/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/ssl/ when looking for download links for ssl
  Getting page https://pypi.python.org/simple/
  Could not fetch URL https://pypi.python.org/simple/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/ when looking for download links for ssl
  Cannot fetch index base URL https://pypi.python.org/simple/
  URLs to search for versions for ssl:
  * https://pypi.python.org/simple/ssl/
  Getting page https://pypi.python.org/simple/ssl/
  Could not fetch URL https://pypi.python.org/simple/ssl/: connection error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
  Will skip URL https://pypi.python.org/simple/ssl/ when looking for download links for ssl
  Could not find any downloads that satisfy the requirement ssl
Cleaning up...
  Removing temporary dir C:\Users\adam\AppData\Local\Temp\pip_build_adam...
No distributions at all found for ssl
Exception information:
Traceback (most recent call last):
  File "C:\Python34\lib\site-packages\pip\basecommand.py", line 122, in main
    status = self.run(options, args)
  File "C:\Python34\lib\site-packages\pip\commands\install.py", line 278, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "C:\Python34\lib\site-packages\pip\req.py", line 1177, in prepare_files
    url = finder.find_requirement(req_to_install, upgrade=self.upgrade)
  File "C:\Python34\lib\site-packages\pip\index.py", line 277, in find_requirement
    raise DistributionNotFound('No distributions at all found for %s' % req)
pip.exceptions.DistributionNotFound: No distributions at all found for ssl

@coddingtonbear coddingtonbear referenced this issue Sep 24, 2014

Closed

SSL error #5

@AnneTheAgile

This comment has been minimized.

Show comment
Hide comment
@AnneTheAgile

AnneTheAgile Nov 9, 2014

@adamjmendoza , what happens when you try to update python? In my case [1] it was a point version that was off, eg I had 2.7 but the version of 2.7 was not sufficient.
@Ivoz , thank you for the heads up!
AnneTheAgile
[1] zonca/pytest-ipynb#1

AnneTheAgile commented Nov 9, 2014

@adamjmendoza , what happens when you try to update python? In my case [1] it was a point version that was off, eg I had 2.7 but the version of 2.7 was not sufficient.
@Ivoz , thank you for the heads up!
AnneTheAgile
[1] zonca/pytest-ipynb#1

@dikkedimi

This comment has been minimized.

Show comment
Hide comment
@dikkedimi

dikkedimi Jul 10, 2018

Having this issue on macOS 10.12.6. Trying to easy install pip and it won't use my --prefix path (still uses /Library/Python/2.7/site-packages/test-easy-install-28943.pth)

curl https://bootstrap.pypa.io/get-pip.py | python --user pip

also fails with error:

 % Total    % Received % Xferd  Average Speed   Time    Time  Unknown option: --
usage: /usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python [option] ... [-c cmd | -m mod | file | -] [arg] ...
Try `python -h' for more information.
python -c "import ssl; print ssl.OPENSSL_VERSION"
OpenSSL 1.0.2o  27 Mar 2018

So how do I update OpenSSL? Should be easy enough to mention here?

dikkedimi commented Jul 10, 2018

Having this issue on macOS 10.12.6. Trying to easy install pip and it won't use my --prefix path (still uses /Library/Python/2.7/site-packages/test-easy-install-28943.pth)

curl https://bootstrap.pypa.io/get-pip.py | python --user pip

also fails with error:

 % Total    % Received % Xferd  Average Speed   Time    Time  Unknown option: --
usage: /usr/local/Cellar/python@2/2.7.15_1/Frameworks/Python.framework/Versions/2.7/Resources/Python.app/Contents/MacOS/Python [option] ... [-c cmd | -m mod | file | -] [arg] ...
Try `python -h' for more information.
python -c "import ssl; print ssl.OPENSSL_VERSION"
OpenSSL 1.0.2o  27 Mar 2018

So how do I update OpenSSL? Should be easy enough to mention here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment