[New-bugs-announce] [issue38926] MacOS: 'Install certificates.command' has no effect

Jeff Berkowitz report at bugs.python.org
Tue Nov 26 21:30:57 EST 2019


New submission from Jeff Berkowitz <pdxjjb at gmail.com>:

After using the Python-supported installer to install 3.8.0 on my employer-owned Mac running High Sierra (10.13.6), the 'Install Certificates.command' had no apparently effect on the behavior of Python.

The behavior before executing the script was that a Python program using urllib3 was unable to verify that public certificate of github.com. Using curl, I could download via the desired URL. But the Python program could not, consistently throwing SSL verify errors instead.

I ran the command script several times. I verified that the symlink cert.pem was created in /Library/Frameworks/Python.framework/Versions/3.8/etc/openssl and that it contained "../../lib/python3.8/site-packages/certifi/cacert.pem" and I verified that the latter file had content (4558 lines) and was readable. And that it did contain the root cert for Github.

But despite that and despite multiple new shell windows and so on, I could never get Python to regard the certs. I eventually worked around this by: export SSL_CERT_FILE=/etc/ssl/cert.pem. After this, the Python program using urllib3 could verify Github.com's public cert. But as I understand things, this env var is actually regarded by the OpenSSL "C" library itself, not Python.(?) Which, if true, raises the question of why this was necessary.

Of course, there's quite likely something in my environment that is causing this. But it would be nice to know what.

----------
components: macOS
messages: 357549
nosy: Jeff Berkowitz, ned.deily, ronaldoussoren
priority: normal
severity: normal
status: open
title: MacOS: 'Install certificates.command' has no effect
type: behavior
versions: Python 3.8

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue38926>
_______________________________________


More information about the New-bugs-announce mailing list