On 03.06.25 17:22, Henry Hartley via Mailman-users wrote:
I'm having problems installing mailman3 following the instructions on
https://docs.mailman3.org/en/latest/install/virtualenv.html Everything goes well
until I get to the Installing Mailman
Core<https://docs.mailman3.org/en/latest/install/virtualenv.html#installing-mailman-core>
step, which has me do the following in my venv environment:
(venv)$ pip install wheel mailman psycopg2-binary
Ubuntu 24.04.02 LTS
Python 3.12.3
pip version 24.0
First, I was getting problems because my company firewall was blocking outbound
traffic. I got that taken care of. Next, I was seeing certificate errors,
saying there was a self-signed certificate:
WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None,
status=None)) after connection broken by 'SSLError(SSLCertVerificationError(1,
'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed
certificate in certificate chain (_ssl.c:1000)'))': /simple/wheel/
Could not fetch URL https://pypi.org/simple/wheel/: There was a problem
confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443):
Max retries exceeded with url: /simple/wheel/ (Caused by
SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED]
certificate verify failed: self-signed certificate in certificate chain
(_ssl.c:1000)'))) - skipping
There is no self-signed certificate in the chain, when I check it. I
guess, there is a proxy somewhere which has a different certificate.
Run
$ openssl s_client -connect pypi.org:443 -showcerts
to check what certificate is presented. It should be something like:
Connecting to 2a04:4e42::223
CONNECTED(00000003)
depth=2 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
verify return:1
depth=1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q1
verify return:1
depth=0 CN=pypi.org
verify return:1
---
Certificate chain
0 s:CN=pypi.org
i:C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q1
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Feb 24 04:28:22 2025 GMT; NotAfter: Mar 28 04:28:21
2026 GMT
...
1 s:C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q1
i:OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
a:PKEY: rsaEncryption, 2048 (bit); sigalg: RSA-SHA256
v:NotBefore: Oct 16 03:08:04 2024 GMT; NotAfter: Oct 16 00:00:00
2026 GMT
...
Server certificate
subject=CN=pypi.org
issuer=C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2025 Q1
...
When I added --trusted-host pypi.org that error went away but I'm still unable
to install anything:
Never ever do that. Find out what is happening. Either something bad is
interfering with your network traffic. Or there is a proxy and the chain
is different. In the latter case, you will see lots of issue until you
have configured your system correctly for the proxy in place...
But never ever simply turn off security and try to install something
through broken security. It defies the whole purpose of security and
certificates if you simply turn it off or try to ignore it.
-Gerald
_______________________________________________
Mailman-users mailing list -- mailman-users@mailman3.org
To unsubscribe send an email to mailman-users-le...@mailman3.org
https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
Archived at:
https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message/SKIR2LETMWQ45MH2MVAUZZNQ43JCOGKR/
This message sent to arch...@mail-archive.com
