Python:在Windows上强制虚拟环境使用系统证书存储

huangapple go评论59阅读模式
英文:

Python: Force Virtual Environments to use system certificate store on Windows

问题

我的公司使用VPN,但它与PIP证书验证默认不兼容。当我使用pip install asyncio安装包时,出现以下错误:

> Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)'))': /simple/asyncio/

在系统范围的Python安装中,可以通过以下方法绕过这个问题:

pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org pip-system-certs

之后,将使用Windows证书存储,其中包含VPN的CA。现在,我只需使用:

pip install asyncio 

一切都能正常工作。

然而,如果我使用虚拟环境,我又回到了同样的问题,必须首先安装pip-system-certs:

python -m venv C:\location\of\venv
cd C:\location\of\venv
.\Scripts\activate
pip install asyncio

> Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)'))': /simple/asyncio/

这使得与类似Poetry的系统一起工作非常困难,因为所有配置都需要更改。

是否有办法强制系统上的所有Python虚拟环境使用系统证书存储?

英文:

My company uses a VPN, which does not work with the PIP certificate check out of the box. When I install a package with pip install asyncio, it gives me the following error:
> Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)'))': /simple/asyncio/

In the system wide python installation, this can be circumvented by using:

pip install --trusted-host pypi.org --trusted-host pypi.python.org --trusted-host files.pythonhosted.org pip-system-certs

After that, the Windows certificate store is used, which contains the CA for the VPN. Now, I can just use:

pip install asyncio 

and all works fine.

However, if I use a virtual environment, I am back in the same position of having to first install pip-system-certs:

python -m venv C:\location\of\venv
cd C:\location\of\venv
.\Scripts\activate
pip install asyncio

> Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:992)'))': /simple/asyncio/

This makes working with systems like Poetry very difficult, because all configurations need to change.

Is there a way to force all Python Virtual Environments on my system to use the system certificate store?

答案1

得分: 2

我遇到过类似的问题,但是在 Linux 机器上。解决问题的方法如下:

  1. 检查证书存储在你的 "全局" 环境中的位置。

  2. 检查虚拟环境中的位置。例如,使用以下命令:

    python3 -m certifi
    

    输出应该类似于:

    /path/to/global_env/certificate1.crt
    
  3. 用全局环境的证书替换虚拟环境的证书。

    mv /path/to/global_env/certificate1.crt /path/to/virtualenv/certificate2.pem
    

现在两个环境都使用相同的证书文件。

英文:

I had a similar problem, but on a Linux machine. What solved the problem for me was the following:

  1. check where the certificate is stored in your "global" environment

  2. check the same for the virtual environment. Use, for example

    >> python3 -m certifi
    output is something like this:
    /path/to/global_env/certificate1.crt
    
  3. replace the virtual environment's certificate with that of the global environment

    mv /path/to/global_env/certificate1.crt /path/to/virtualenv/certificate2.pem
    

Now the same certificate file is used in both environments.

huangapple
  • 本文由 发表于 2023年2月14日 19:52:28
  • 转载请务必保留本文链接:https://go.coder-hub.com/75447445.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定