[issue43404] No SSL certificates when using the Mac installer

[Ned Deily]

Ned Deily  added the comment:

When installing current Pythons for macOS downloaded from python.org, you will 
need to run the "Install Certificates.command" file installed into the 
/Applications/Python 3.x" folder for the version installed. This is noted in 
the initial screen when running the installer:

"At the end of this install, click on Install Certificates to install a set of 
current SSL root certificates."

It is also described in more detail in the "Read Me" file is also displayed by 
the installer and a copy of which is also installed in the /Applications/Python 
3.x folder.

"Certificate verification and OpenSSL

This package includes its own private copy of OpenSSL 1.1.1.   The trust 
certificates in system and user keychains managed by the Keychain Access 
application and the security command line utility are not used as defaults by 
the Python ssl module.  A sample command script is included in 
/Applications/Python 3.9 to install a curated bundle of default root 
certificates from the third-party certifi package 
(https://pypi.org/project/certifi/).  Double-click on Install Certificates to 
run it.

The bundled pip has its own default certificate store for verifying download 
connections."

The installer also opens the /Applications/Python 3.x folder in a Finder window 
to make all of these files immediately accessible.

--
nosy: +ned.deily
resolution:  -> not a bug
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue43404] No SSL certificates when using the Mac installer

[Sam Bull]

New submission from Sam Bull :

After installing the latest version of Python on Mac OS X using the installer 
downloaded from python.org 
(https://www.python.org/ftp/python/3.9.2/python-3.9.2-macosx10.9.pkg), the 
installed version of Python is unable to find the system certificates.

Using the old version of Python located at 
/usr/local/Cellar/python/3.7.5/bin/python3, I get:

>>> ssl.create_default_context().cert_store_stats()
{'x509': 168, 'crl': 0, 'x509_ca': 168}

But, with the new version located at 
/Library/Frameworks/Python.framework/Versions/3.9/bin/python3, I get:

>>> ssl.create_default_context().cert_store_stats()
{'x509': 0, 'crl': 0, 'x509_ca': 0}


Looking around on the internet, this seems to be a pretty common issue on Mac, 
but is often getting misdiagnosed as an actual problem with the server's 
certificate. Because of that, nobody seems to have proposed any methods to fix 
it.

Examples:
https://github.com/aio-libs/aiohttp/issues/5375
https://stackoverflow.com/questions/65039677/unable-to-get-local-issuer-certificate-mac-os#comment115039330_65040851

--
assignee: christian.heimes
components: SSL
messages: 388123
nosy: christian.heimes, dreamsorcerer
priority: normal
severity: normal
status: open
title: No SSL certificates when using the Mac installer
type: behavior
versions: Python 3.9

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com