我正在照看一些 RHEL6 服务器并尝试将它们设置为使用内部 PyPi 服务器(由 Nexus 3 代理)。
问题在于,我们的内部 PyPi 服务器是同一 Nginx 服务器上的几个 SSL VHost 之一,而 Python 2.6 与 SNI 不兼容;因此,easy_install 失败,因为它试图从错误的 Vhost URL 下载,并且 pip 失败并出现 SNIMissingWarning 和 InsecurePlatformWarning。
我看了https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings但似乎这只是针对您自己的脚本的一种解决方法;它并没有解决 Python 本身的问题。无论如何,我安装了 urllib3 和相关包,但问题仍然存在。
[[email protected] ~]# pip install --index https://nexus3.internal/repository/pypi-proxy/simple twine
DEPRECATION: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of pip will drop support for Python 2.6
Collecting twine
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:318: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/security.html#snimissingwarning.
SNIMissingWarning
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:122: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
Could not fetch URL https://nexus3.internal/repository/pypi-proxy/simple/twine/: There was a problem confirming the ssl certificate: [Errno 1] _ssl.c:490: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed - skipping
Could not find a version that satisfies the requirement twine (from versions: )
No matching distribution found for twine
答案1
只需查看错误消息中提供的链接;)
https://urllib3.readthedocs.io/en/latest/security.html#insecureplatformwarning
SNIMissingWarning
这发生在 2.7.9 之前的 Python 2 版本上。这些旧版本缺乏 SNI 支持。这可能导致服务器提供客户端认为无效的证书。请按照pyOpenSSL指南来解决此警告。
pyOpenSSL 链接返回:
Python 2 中的证书验证
旧版本的 Python 2 内置了 ssl 模块,该模块缺乏 SNI 支持,并且可能落后于安全更新。出于这些原因,建议使用 pyOpenSSL。
如果你安装了带有安全附加功能的 urllib3,那么将安装 Python 2 上证书验证所需的所有软件包:
pip install urllib3[secure]
如果您想手动安装软件包,您将需要
pyOpenSSL
、cryptography
、idna
和certifi