How to get easy_install to ignore certificate

Jackie · Oct 1, 2015 · Viewed 11.3k times

Our network install is not the best, so I need to tell applications that communicate over SSL to ignore the certificate. Had to do the same thing with NPM, etc. So now when I run...

    $ easy_install pip
    ...
    Download error on https://pypi.python.org/simple/pip/: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) -- Some packages may not be found!

So how do I turn off this validation?

P.S. I know this is a security vector but humor me.

Answer

borancar · Oct 1, 2015

I believe your easy_install ultimately goes to setuptools, which has its SSL helper. On my Linux it was at /usr/lib/python2.7/site-packages/setuptools/ssl_support.py. There are 2 ways from there basically:

  1. I would recommend obtaining the certificate and manually adding it, you will find the locations inside the ssl_support.py. These lines caught my attention:

    cert_paths = """
    /etc/pki/tls/certs/ca-bundle.crt
    /etc/ssl/certs/ca-certificates.crt
    /usr/share/ssl/certs/ca-bundle.crt
    /usr/local/share/certs/ca-root.crt
    /etc/ssl/cert.pem
    /System/Library/OpenSSL/certs/cert.pem
    """.strip().split()
    

    Just append your certificate to any of them. See here how to obtain a certificate using openssl s_client: Using openssl to get the certificate from a server

  2. Taking the humoring a bit further, you can completely disable SSL verification in your setuptools helper. The following lines in ssl_support.py caught my attention:

    try:
      import ssl
    except ImportError:
      ssl = None
    

    I just added ssl = None after, so that:

    try:
      import ssl
    except ImportError:
      ssl = None
    
    ssl = None
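
Option 1 from the answer above, as an added example (Python 3; not part of the original answer and not setuptools' own code): it finds the first CA bundle that exists among the paths quoted from ssl_support.py and appends a CA certificate to it only if that certificate is not already present. The function names and `SAMPLE_CA` are assumptions made for this example, and `SAMPLE_CA` is a constructed placeholder rather than a real certificate.

```python
import os
import re
import ssl

# Bundle locations quoted in the answer from setuptools' ssl_support.py.
CERT_PATHS = """
/etc/pki/tls/certs/ca-bundle.crt
/etc/ssl/certs/ca-certificates.crt
/usr/share/ssl/certs/ca-bundle.crt
/usr/local/share/certs/ca-root.crt
/etc/ssl/cert.pem
/System/Library/OpenSSL/certs/cert.pem
""".split()

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.DOTALL)

# Constructed placeholder bytes, NOT a real certificate; use your CA's PEM.
SAMPLE_CA = ssl.DER_cert_to_PEM_cert(b"constructed placeholder CA")


def find_bundle(paths=CERT_PATHS):
    """Return the first bundle path that exists on this host, or None."""
    return next((p for p in paths if os.path.isfile(p)), None)


def pem_blocks_to_der(text):
    """Decode every PEM certificate block found in text to DER bytes."""
    return [ssl.PEM_cert_to_DER_cert(b) for b in PEM_BLOCK.findall(text)]


def append_ca(bundle_path, ca_pem):
    """Append one CA certificate unless the bundle already contains it.

    Returns True if the bundle was modified, False for a duplicate.
    Raises ValueError unless ca_pem holds exactly one certificate block.
    """
    new = pem_blocks_to_der(ca_pem)
    if len(new) != 1:
        raise ValueError("expected exactly one PEM certificate block")
    with open(bundle_path, encoding="utf-8", errors="replace") as fh:
        current = fh.read()
    if new[0] in pem_blocks_to_der(current):
        return False
    with open(bundle_path, "a", encoding="ascii") as fh:
        # Keep blocks on their own lines if the file lacks a final newline.
        fh.write("" if current.endswith("\n") or not current else "\n")
        fh.write(ssl.DER_cert_to_PEM_cert(new[0]))
    return True
```

Keep a copy of the original bundle before appending; distribution tooling can regenerate these files and drop the added entry.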