Pipenv: CERTIFICATE_VERIFY_FAILED error when installing dependencies
Hi,
I have installed pipenv for the first time on my system by following the fancy installation method (because I have excellent taste!) and the world was a happy place to live in.
Then I went on running the following given the project I started to work on did not know about the wonders of pipenv:
pipenv install -r a_folder/requirements.txt
But then, suddenly the world was a sad place to live in. I got the following:
Requirements file provided! Importing into Pipfile…
Pipfile.lock not found, creating…
Locking [dev-packages] dependencies…
Locking [packages] dependencies…
Traceback (most recent call last):
File "/Users/my_user/.local/bin/pipenv", line 11, in <module>
sys.exit(cli())
File "/Users/my_user/.local/venvs/pipenv/lib/python2.7/site-packages/pipenv/vendor/click/core.py", line 722, in __call__
return self.main(*args, **kwargs)
File "/Users/my_user/.local/venvs/pipenv/lib/python2.7/site-packages/pipenv/vendor/click/core.py", line 697, in main
rv = self.invoke(ctx)
File "/Users/my_user/.local/venvs/pipenv/lib/python2.7/site-packages/pipenv/vendor/click/core.py", line 1066, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "/Users/my_user/.local/venvs/pipenv/lib/python2.7/site-packages/pipenv/vendor/click/core.py", line 895, in invoke
return ctx.invoke(self.callback, **ctx.params)
File "/Users/my_user/.local/venvs/pipenv/lib/python2.7/site-packages/pipenv/vendor/click/core.py", line 535, in invoke
return callback(*args, **kwargs)
File "/Users/my_user/.local/venvs/pipenv/lib/python2.7/site-packages/pipenv/cli.py", line 1785, in install
do_init(dev=dev, allow_global=system, ignore_pipfile=ignore_pipfile, system=system, skip_lock=skip_lock, verbose=verbose, concurrent=concurrent, deploy=deploy)
File "/Users/my_user/.local/venvs/pipenv/lib/python2.7/site-packages/pipenv/cli.py", line 1293, in do_init
do_lock(system=system)
File "/Users/my_user/.local/venvs/pipenv/lib/python2.7/site-packages/pipenv/cli.py", line 1083, in do_lock
pre=pre
File "/Users/my_user/.local/venvs/pipenv/lib/python2.7/site-packages/pipenv/utils.py", line 450, in resolve_deps
r = requests.get('https://pypi.org/pypi/{0}/json'.format(name))
File "/Users/my_user/.local/venvs/pipenv/lib/python2.7/site-packages/requests/sessions.py", line 521, in get
return self.request('GET', url, **kwargs)
File "/Users/my_user/.local/venvs/pipenv/lib/python2.7/site-packages/requests/sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "/Users/my_user/.local/venvs/pipenv/lib/python2.7/site-packages/requests/sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "/Users/my_user/.local/venvs/pipenv/lib/python2.7/site-packages/requests/adapters.py", line 506, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /pypi/idna/json (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)'),))
Is this expected?
Here's some more info which I hope it will be useful:
$ pipenv --venv
/Users/my_user/.local/share/virtualenvs/the_project_folder-kENjJPUz
$ pipenv --version
pipenv, version 8.2.6
$ pipenv run python --version
Python 2.7.14
$ python --version
2.7.10
# My requirements.txt file
boto==2.48.0
fabric==1.14.0
# My automatically-generated Pipenv file
[[source]]
url = "https://pypi.python.org/simple"
verify_ssl = true
name = "pypi"
[dev-packages]
[packages]
boto = "==2.48.0"
fabric = "==1.14.0"
OS is macOS Sierra 10.12.4.
Anything you need to help troubleshoot this just let me know.
Thanks!
walterdolce
All 15 comments
Do you happen to have the security extra installed globally with requests?
erinxocon
on 5 Oct 2017
@erinxocon what do "security extra" and "installed globally with requests" mean?
Python is not my first programming language so I might miss something here :)
walterdolce
on 5 Oct 2017
@walterdolce, I believe @erinxocon was asking if you'd installed requests[security] rather than just a requests. The real issue here is whether you have pyopenssl installed. I haven't had a moment to look into this but due to the sudden surge in issues around this, I'm think they may have possibly done a new release?
If you can confirm whether or not pop freeze shows pyopenssl, and what the version number is, that would be sufficient.
nateprewitt
on 5 Oct 2017
@nateprewitt
$ pip2 freeze
boto3==1.4.4
botocore==1.5.75
docutils==0.13.1
futures==3.1.1
jmespath==0.9.3
python-dateutil==2.6.0
s3transfer==0.1.10
six==1.10.0
virtualenv==15.1.0
I did indeed @nateprewitt. Thanks for the clarity :)
erinxocon
on 5 Oct 2017
@nateprewitt since he installed it with pipsi, wouldn't we have to check out the packages installed in the pipsi virtualenv?
erinxocon
on 5 Oct 2017
@erinxocon FYI
$ pipsi list
Packages and scripts installed through pipsi:
Package "pew":
pew
Package "pipenv":
pipenv
Package "pipsi":
pipsi
I was wondering if something else on the path was affecting the installation. I'm not entirely sure why this is getting hit though. Are you running behind a proxy or unique network configuration @walterdolce?
nateprewitt
on 5 Oct 2017
@walterdolce could you also echo out your $PATH?
erinxocon
on 5 Oct 2017
@nateprewitt Hmmmm good catch! I am indeed currently behind the company network which has various layers of security a request has to go through.
I just tried this while connected to the mobile hotspot and...
Requirements file provided! Importing into Pipfile…
Pipfile.lock not found, creating…
Locking [dev-packages] dependencies…
Locking [packages] dependencies…
Updated Pipfile.lock (e97738)!
Installing dependencies from Pipfile.lock (e97738)…
🐍 ▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉▉ 12/12 — 00:00:13
To activate this project's virtualenv, run the following:
$ pipenv shell
I shall raise this internally to fix. Thanks both @erinxocon @nateprewitt for the speedy responses and help provided!
walterdolce
on 5 Oct 2017
@walterdolce No problem! @nateprewitt saves the day! Also thank you so much for using that gif.
erinxocon
on 5 Oct 2017
Hi guys, sorry to keep the conversation/issue going.
I raised this internally and the relevant team confirmed there's some filtering/SSL certificate verification magic going on under the hood which for security reasons can't be disabled/worked around with for certain operations. Obviously switching back and forth the corporate network is not ideal and is not a workable solution.
Is there a way to specify SSL-related parameters in pipenv?
By the look of it seems not but I might be missing something. Thank you in advance.
walterdolce
on 6 Oct 2017
Update, if I hardcode the company's root certificate (pem) in /.local/venvs/pipenv/lib/python2.7/site-packages/requests/sessions.py:372 it still fails, but with a different error. Note that the {{library}} name below is an element that changes. So it looks like it's going through them intermittently?
requests.exceptions.SSLError: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /pypi/{{library}}/json (Caused by SSLError(SSLError(336265225, u'[SSL] PEM lib (_ssl.c:2712)'),))
Another update. Installing packages via pip works just fine. Hitting the pypi.org endpoint via curl and via raw Python code inside the REPL works fine too. So I'm not sure whether there is effectively something wrong with pipenv or requests which is being used under the hood.
walterdolce
on 6 Oct 2017
NVM. I had something misconfigured on my machine. Ignore me :)
walterdolce
on 6 Oct 2017
Related issues
jeyraof
·
3Comments
marc-fez
·
3Comments
leileigong
·
3Comments
fbender
·
3Comments
johnjiang
·
3Comments
Most helpful comment
@walterdolce No problem! @nateprewitt saves the day! Also thank you so much for using that gif.