Thanks Ned - confirmed that works in 2.7.17 - maybe it was there in
2.7.16 and I just overlooked that messaging in the last step.

m

On Mon, Mar 23, 2020 at 09:11:09PM -0400, Ned Deily wrote:
> On Mar 23, 2020, at 20:30, Matt Billenstein via Python-Dev 
> <python-dev@python.org> wrote:
> > Hi, installing the latest 2.7.16 MacOS installer, functions in urllib
> > will attempt to load trusted certs from:
> > 
> > /Library/Frameworks/Python.framework/Versions/2.7/etc/openssl/cert.pem
> > 
> > But this file is not shipped with the installer package - this makes
> > urlretrieve and friends fail on https hosts - perhaps the installer
> > should ship a bundle or enable using something like certifi if it's
> > installed?
> 
> Python 2.7.17 is the most recent 2.7.x release.  You should be using it 
> instead of 2.7.16.
> 
> When you open one of the current macOS Installer packages from python.org,
> the first (Welcome) display includes the following text:
> 
> "At the end of this install, click on Install Certificates to install a set 
> of current SSL root certificates."
> 
> The second display (ReadMe) in the Installer includes the following section:
> 
> "Certificate verification and OpenSSL
> 
> This package includes its own private copy of OpenSSL 1.0.2.   The trust 
> certificates in system and user keychains managed by the Keychain Access 
> application and the security command line utility are not used as defaults by 
> the Python ssl module.  A sample command script is included in 
> /Applications/Python 2.7 to install a curated bundle of default root 
> certificates from the third-party certifi package 
> (https://pypi.org/project/certifi/).  Double-click on Install Certificates to 
> run it.
> 
> The bundled pip has its own default certificate store for verifying download 
> connections."
> 
> By default, a copy of that ReadMe is saved as a file in /Applications/Python 
> 2.7/ should you need to refer to it, along with the "Install 
> Certificates.command" file.
> 
> We do not currently ship a set of certificates with the installer directly 
> because any of them could be replaced or invalidated over the lifetime of the 
> installer package.
> 
> Hope that helps.
> 
> 
> --
>   Ned Deily
>   n...@python.org

-- 
Matt Billenstein
m...@vazor.com
http://www.vazor.com/
_______________________________________________
Python-Dev mailing list -- python-dev@python.org
To unsubscribe send an email to python-dev-le...@python.org
https://mail.python.org/mailman3/lists/python-dev.python.org/
Message archived at 
https://mail.python.org/archives/list/python-dev@python.org/message/27TF36AURBYJZW2LLGRYGL3GMI6XZZ4W/
Code of Conduct: http://python.org/psf/codeofconduct/
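
Added example, not part of the original thread and not code from the python.org installer: a check of where this interpreter's ssl module looks for root certificates and whether anything usable is there, with a fallback to the certifi bundle named in the ReadMe. The function names describe_trust_store and make_verifying_context are hypothetical; certificate verification stays enabled on every path.

```python
import os
import ssl


def describe_trust_store(paths=None):
    """Report where this interpreter's ssl module looks for CA certificates."""
    p = paths or ssl.get_default_verify_paths()
    # p.cafile / p.capath are None when the compiled-in (or env-overridden)
    # location does not exist, which is the failure described in the thread.
    cafile_ok = bool(p.cafile) and os.path.isfile(p.cafile) \
        and os.path.getsize(p.cafile) > 0
    capath_ok = bool(p.capath) and os.path.isdir(p.capath) \
        and len(os.listdir(p.capath)) > 0
    return {
        "expected_cafile": p.openssl_cafile,
        "expected_capath": p.openssl_capath,
        "override_env": (p.openssl_cafile_env, p.openssl_capath_env),
        "usable": cafile_ok or capath_ok,
    }


def make_verifying_context():
    """Return a context that verifies certificates, or raise; never disable checks."""
    if describe_trust_store()["usable"]:
        return ssl.create_default_context()
    try:
        import certifi  # third-party bundle named in the installer ReadMe
    except ImportError:
        raise RuntimeError("no CA bundle found and certifi is not installed")
    return ssl.create_default_context(cafile=certifi.where())


if __name__ == "__main__":
    info = describe_trust_store()
    print("compiled-in cafile: %s" % info["expected_cafile"])
    print("compiled-in capath: %s" % info["expected_capath"])
    print("usable trust store: %s" % info["usable"])
```

An empty cert.pem or an empty certificate directory is reported as unusable as well, since either one leaves HTTPS verification failing in the same way as a missing file.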
