Can I relink enthought python to new version of openssl on Mac OS X?

Asked 15/3, 2013 at 20:6 Answered 19/9, 2014 at 18:24

Solved python macos openssl pip enthought

This morning, I'm running into SSL related problems using EPD 7.3 on Mac OS X 10.6.8. When I run pip (version 1.3.1), I get:

pip install requests
Downloading/unpacking requests
  Could not fetch URL https://pypi.python.org/simple/requests/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
  Will skip URL https://pypi.python.org/simple/requests/ when looking for download links for requests
  Could not fetch URL https://pypi.python.org/simple/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
  Will skip URL https://pypi.python.org/simple/ when looking for download links for requests
  Cannot fetch index base URL https://pypi.python.org/simple/
  Could not fetch URL https://pypi.python.org/simple/requests/: There was a problem confirming the ssl certificate: <urlopen error [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm>
  Will skip URL https://pypi.python.org/simple/requests/ when looking for download links for requests
  Could not find any downloads that satisfy the requirement requests
No distributions at all found for requests

I think I'm running into the problem detailed in https://github.com/pypa/pip/issues/829 and https://groups.google.com/d/msg/python-virtualenv/C_a_IX_8Ejc/83l8XfpUarQJ -- that is, the version of openssl linked to python is too old:

python -c "import ssl; print ssl.OPENSSL_VERSION"

returns

OpenSSL 0.9.7l 28 Sep 2006

My question is whether it's possible for me to get the EPD Mac version of Python to link to a newer version of openssl -- or is this change something Enthought needs to do?

(I just figured out to compile openssl on my Mac (using instructions at http://techscienceinterest.blogspot.com/2010/12/compiling-openssl-on-mac-os-x-snow.html) and use homebrew to build my own Python executable to use a newer version of openssl (http://hackercodex.com/guide/python-virtualenv-on-mac-osx-mountain-lion-10.8/).

Studious answered 15/3, 2013 at 20:6 Comment(0)

Raymond, thanks for the report. EPD's successor, now in late beta, contains OpenSSL 0.9.8r 8 Feb 2011, and does not have this problem. (FWIW, it also contains a recent version of requests, which you were attempting to install when you hit the SSL issue.)

It will be out of beta very soon, but in the meantime I see that you already have a beta invitation if you would like to try it there.

We will also investigate possible fixes or workarounds for EPD 7.3.

Heredes answered 17/3, 2013 at 14:32 Comment(3)

Jonathan: thanks. It was actually in using pip 1.3.1 that I ran into this problem. My workaround: use easy_install to downgrade to pip 1.2.1 for the time being. – Studious 17/3, 2013 at 14:38

Be careful, because before pip 1.3 it was very insecure, and pip 1.3 added SSL support to PyPI installations. – Steady 24/3, 2013 at 16:29

I know that pip 1.3 with SSL is a good thing, but when pip 1.3 doesn't work at all in my context, I'm willing to live a little dangerously and use pip 1.2.1 for the time being. – Studious 2/4, 2013 at 2:19

I'm finding that with the new SSL-conscious pypi I have to allow-unverified and allow-external for a lot of packages. So for requests, this would be:

pip install --upgrade --force-reinstall --allow-all-external --allow-unverified requests requests

Aurignacian answered 19/9, 2014 at 18:24 Comment(0)

Recommended topics

Hot tags