- Pip version: 10.0.1
- Python version: 3.4.6
- Operating system: SLES12 SP3
Description:
I am running pip behind a proxy that opens https connections. Therefore I need to accept an arbitrary ssl certificate for pypi.python.org when running pip. For some reason pip just ignores the --trusted-host option and exits with CERTIFICATE_VERIFY_FAILED .
What I've run:
pip install jinja2 --trusted-host pypi.python.org -v
Created temporary directory: /tmp/pip-ephem-wheel-cache-q1r_ggzj
Created temporary directory: /tmp/pip-install-ez499a7b
Collecting jinja2
1 location(s) to search for versions of jinja2:
* https://pypi.org/simple/jinja2/
Getting page https://pypi.org/simple/jinja2/
Looking up "https://pypi.org/simple/jinja2/" in the cache
No cache entry available
Starting new HTTPS connection (1): pypi.org
Incremented Retry for (url='/simple/jinja2/'): Retry(total=4, connect=None, read=None, redirect=None, status=None)
Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)'),)': /simple/jinja2/
Running with
--trusted-host pypi.org --trusted-host pypi.python.org
would not help as well.
profhase
All 14 comments
With the switch to Warehouse for PyPI, you need --trusted-host=pypi.python.org --trusted-host=pypi.org --trusted-host=files.pythonhosted.org, can you try with that?
benoit-pierre
on 3 May 2018
I'm running into the same thing but trying to install something else. I also removed our proxy from the equation. Adding --trusted-host=pypi.python.org --trusted-host=pypi.org --trusted-host=files.pythonhosted.org did not help.
dullahan8
on 3 May 2018
@dullahan8 @profhase Could you post the output of running with the options @benoit-pierre suggests and --verbose as well?
pip install --verbose --trusted-host=pypi.python.org --trusted-host=pypi.org --trusted-host=files.pythonhosted.org six
pradyunsg
on 6 May 2018
@pradyunsg The call I have posted in my request is verbose
pip install jinja2 --trusted-host pypi.python.org -v
When I add --trusted-host=files.pythonhosted.org nothing changes., it is the same output. By the output it looks like pip simply ignores trusted-host
profhase
on 7 May 2018
@profhase the log indicates it is looking at the _new_ locations, which is why they asked you to run with the new hostnames.
that isn't the same name you are telling is trusted.
ntravis
on 8 May 2018
@ntravis Thanks for the point, indeed:
pip install --trusted-host=pypi.org --trusted-host=files.pythonhosted.org jinja2
did the trick
profhase
on 8 May 2018
it's work for me
pip install --verbose --trusted-host=pypi.python.org --trusted-host=pypi.org --trusted-host=files.pythonhosted.org
kkaradag2
on 5 Sep 2018
Trusted-hosts still seems to be ignored...
pip3 install --trusted-host=pypi.python.org --trusted-host=pypi.org --trusted-host=files.pythonhosted.org pyodbc
Collecting pyodbc
Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),)': /s/files.pythonhosted.org/packages/aa/70/93a4e75ab19f4e0fa57c4467a8b167674800cf8c8adcf6782c64a0a49a4d/pyodbc-4.0.24.tar.gz?X-OpenDNS-Session=_e9e0ff5d09eb2040230aaea0a395202192679270f04c_bd3ec7dd_
Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),)': /s/files.pythonhosted.org/packages/aa/70/93a4e75ab19f4e0fa57c4467a8b167674800cf8c8adcf6782c64a0a49a4d/pyodbc-4.0.24.tar.gz?X-OpenDNS-Session=_e9e0ff5d09eb2040230aaea0a395202192679270f04c_bd3ec7dd_
Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),)': /s/files.pythonhosted.org/packages/aa/70/93a4e75ab19f4e0fa57c4467a8b167674800cf8c8adcf6782c64a0a49a4d/pyodbc-4.0.24.tar.gz?X-OpenDNS-Session=_e9e0ff5d09eb2040230aaea0a395202192679270f04c_bd3ec7dd_
Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),)': /s/files.pythonhosted.org/packages/aa/70/93a4e75ab19f4e0fa57c4467a8b167674800cf8c8adcf6782c64a0a49a4d/pyodbc-4.0.24.tar.gz?X-OpenDNS-Session=_e9e0ff5d09eb2040230aaea0a395202192679270f04c_bd3ec7dd_
Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",),)': /s/files.pythonhosted.org/packages/aa/70/93a4e75ab19f4e0fa57c4467a8b167674800cf8c8adcf6782c64a0a49a4d/pyodbc-4.0.24.tar.gz?X-OpenDNS-Session=_e9e0ff5d09eb2040230aaea0a395202192679270f04c_bd3ec7dd_
Could not install packages due to an EnvironmentError: HTTPSConnectionPool(host='files.pythonhosted.org.x.e9e0ff5d09eb2040230aaea0a39520219267.9270f04c.id.opendns.com', port=443): Max retries exceeded with url: /s/files.pythonhosted.org/packages/aa/70/93a4e75ab19f4e0fa57c4467a8b167674800cf8c8adcf6782c64a0a49a4d/pyodbc-4.0.24.tar.gz?X-OpenDNS-Session=_e9e0ff5d09eb2040230aaea0a395202192679270f04c_bd3ec7dd_ (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)"
otter-chazzs
on 12 Oct 2018
@otter-chazzs the error indicates an ssl3 connection. That isn't allowed on Fastly (the CDN for pypi). You might also just be able to remove the first host since I don't think it is valid any longer (just gets redirected), but if that fails to fix it, you should provide version of pip3 and python. This SO answer might get you squared away though (that is what I did for python2 older versions, unsure if 3 needs it)
ntravis
on 13 Oct 2018
pip 18.1
python 3.6.4
removing the first host did not fix the problem.
i gave that SO answer a look and i get SSL problems with that solution too. :(
ill probably have to download the wheel and install it directly. ¯\_(ツ)_/¯
This is a Cygwin instance i am having trouble with (it works fine on a linux system)
otter-chazzs
on 18 Oct 2018
This line worked for me:
pip install requests==2.18.4 --user --trusted-host=pypi.python.org --trusted-host=pypi.org --trusted-host=files.pythonhosted.org
Using a file-requeriments.txt, i could not figure out!! If someone knows how, thanks to share it... :)
diegoavillegasg
on 13 Nov 2018
Just a note to others who may be struggling with this:, having Fiddler led to this exact problem for me. Closed Fiddler and everything worked fine.
schellw
on 27 Mar 2019
Fiddler was causing the issue for me as well. Disabling Https Connection capture fixed it.
Thank you Schellw!
Dlu6
on 29 Apr 2019
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
![lock[bot] picture](https://avatars1.githubusercontent.com/in/6672?v=4&s=40)
lock[bot]
on 30 May 2019
Related issues
dmfigol
·
3Comments
sbidoul
·
3Comments
reynoldsnlp
·
3Comments
dstufft
·
3Comments
ncoghlan
·
3Comments
Most helpful comment
With the switch to Warehouse for PyPI, you need
--trusted-host=pypi.python.org --trusted-host=pypi.org --trusted-host=files.pythonhosted.org, can you try with that?