Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
SSL certificates not used by pipenv lock
See original GitHub issueI am trying to use pipenv at work and am running into SSL certificate errors despite my company’s certificates working in other applications, including pip and in requests:
Python 3.6.5 (default, Apr 14 2018, 13:17:30)
[GCC 7.3.1 20180406] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import requests
>>> requests.get('https://pypi.org')
<Response [200]>
>>>
pipenv is able to download packages just fine, but locking runs into SSL problems. I was directed to open a new issue after checking my TLS version (it is 1.2) here: https://github.com/pypa/pipenv/issues/591.
Please run $ python -m pipenv.help, and paste the results here.
$ python -m pipenv.help output
Pipenv version: '11.10.1'
Pipenv location: '/usr/lib/python3.6/site-packages/pipenv'
Python location: '/usr/bin/python'
Other Python installations in PATH:
-
3.6:/usr/bin/python3.6m -
3.6:/usr/bin/python3.6 -
3.6:/bin/python3.6 -
3.6.5:/usr/bin/python -
3.6.5:/bin/python -
3.6.5:/usr/bin/python3 -
3.6.5:/bin/python3
PEP 508 Information:
{‘implementation_name’: ‘cpython’, ‘implementation_version’: ‘3.6.5’, ‘os_name’: ‘posix’, ‘platform_machine’: ‘x86_64’, ‘platform_python_implementation’: ‘CPython’, ‘platform_release’: ‘4.16.3-1-ARCH’, ‘platform_system’: ‘Linux’, ‘platform_version’: ‘#1 SMP PREEMPT Thu Apr 19 09:17:56 UTC 2018’, ‘python_full_version’: ‘3.6.5’, ‘python_version’: ‘3.6’, ‘sys_platform’: ‘linux’}
System environment variables:
BROWSERCOLORTERMCONDA_SHLVLDBUS_SESSION_BUS_ADDRESSDESKTOP_SESSIONDISPLAYGDMSESSIONGTK_MODULESHOMELANGLOGNAMELS_COLORSMAILMOZ_PLUGIN_PATHPATHPWDSHELLSHLVLTERMUSERVTE_VERSIONWINDOWIDXAUTHORITYXDG_CURRENT_DESKTOPXDG_GREETER_DATA_DIRXDG_RUNTIME_DIRXDG_SEATXDG_SEAT_PATHXDG_SESSION_DESKTOPXDG_SESSION_IDXDG_SESSION_PATHXDG_SESSION_TYPEXDG_VTNRhttp_proxyhttps_proxyno_proxyPYTHONDONTWRITEBYTECODEPIP_PYTHON_PATH
Pipenv–specific environment variables:
Debug–specific environment variables:
PATH:/home/e330665/.local/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/bin/site_perl:/usr/bin/vendor_perl:/usr/bin/core_perlSHELL:/usr/bin/fishLANG:en_US.UTF-8PWD:/home/e330665/sandbox/pipenv_test
Contents of Pipfile (‘/home/e330665/sandbox/pipenv_test/Pipfile’):
toml [[source]] url = “https://pypi.org/simple” verify_ssl = true name = “pypi”
[packages] requests = “*”
[dev-packages]
[requires] python_version = “3.6”
Expected result
Locking [dev-packages] dependencies…
Locking [packages] dependencies…
unicorns I guess
Actual result
Locking [dev-packages] dependencies…
Using pip: -i https://pypi.org/simple
ROUND 1
Current constraints:
Finding the best candidates:
Finding secondary dependencies:
------------------------------------------------------------
Result of round 1: stable, done
Locking [packages] dependencies…
Using pip: -i https://pypi.org/simple
ROUND 1
Current constraints:
requests
Finding the best candidates:
found candidate requests==2.18.4 (constraint was <any>)
Finding secondary dependencies:
requests==2.18.4 requires certifi>=2017.4.17, chardet<3.1.0,>=3.0.2, idna<2.7,>=2.5, urllib3<1.23,>=1.21.1
New dependencies found in this round:
adding ['certifi', '>=2017.4.17', '[]']
adding ['chardet', '<3.1.0,>=3.0.2', '[]']
adding ['idna', '<2.7,>=2.5', '[]']
adding ['urllib3', '<1.23,>=1.21.1', '[]']
Removed dependencies in this round:
Unsafe dependencies in this round:
------------------------------------------------------------
Result of round 1: not stable
ROUND 2
Current constraints:
certifi>=2017.4.17
chardet<3.1.0,>=3.0.2
idna<2.7,>=2.5
requests
urllib3<1.23,>=1.21.1
Finding the best candidates:
found candidate certifi==2018.4.16 (constraint was >=2017.4.17)
found candidate chardet==3.0.4 (constraint was >=3.0.2,<3.1.0)
found candidate idna==2.6 (constraint was >=2.5,<2.7)
found candidate requests==2.18.4 (constraint was <any>)
found candidate urllib3==1.22 (constraint was >=1.21.1,<1.23)
Finding secondary dependencies:
certifi==2018.4.16 requires -
requests==2.18.4 requires certifi>=2017.4.17, chardet<3.1.0,>=3.0.2, idna<2.7,>=2.5, urllib3<1.23,>=1.21.1
idna==2.6 requires -
chardet==3.0.4 requires -
urllib3==1.22 requires -
------------------------------------------------------------
Result of round 2: stable, done
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/pipenv/vendor/urllib3/connectionpool.py", line 595, in urlopen
self._prepare_proxy(conn)
File "/usr/lib/python3.6/site-packages/pipenv/vendor/urllib3/connectionpool.py", line 816, in _prepare_proxy
conn.connect()
File "/usr/lib/python3.6/site-packages/pipenv/vendor/urllib3/connection.py", line 326, in connect
ssl_context=context)
File "/usr/lib/python3.6/site-packages/pipenv/vendor/urllib3/util/ssl_.py", line 329, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib64/python3.6/ssl.py", line 407, in wrap_socket
_context=self, _session=session)
File "/usr/lib64/python3.6/ssl.py", line 814, in __init__
self.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 1068, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib64/python3.6/ssl.py", line 689, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/pipenv/vendor/requests/adapters.py", line 440, in send
timeout=timeout
File "/usr/lib/python3.6/site-packages/pipenv/vendor/urllib3/connectionpool.py", line 639, in urlopen
_stacktrace=sys.exc_info()[2])
File "/usr/lib/python3.6/site-packages/pipenv/vendor/urllib3/util/retry.py", line 388, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /pypi/chardet/json (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)'),))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/pipenv/resolver.py", line 85, in <module>
main()
File "/usr/lib/python3.6/site-packages/pipenv/resolver.py", line 74, in main
system=system,
File "/usr/lib/python3.6/site-packages/pipenv/resolver.py", line 65, in resolve
allow_global=system,
File "/usr/lib/python3.6/site-packages/pipenv/utils.py", line 514, in resolve_deps
timeout=10,
File "/usr/lib/python3.6/site-packages/pipenv/vendor/requests/sessions.py", line 521, in get
return self.request('GET', url, **kwargs)
File "/usr/lib/python3.6/site-packages/pipenv/vendor/requests/sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3.6/site-packages/pipenv/vendor/requests/sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3.6/site-packages/pipenv/vendor/requests/adapters.py", line 506, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /pypi/chardet/json (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)'),))
Steps to replicate
pipenv shell
pipenv install requests
Issue Analytics
- State:
- Created 5 years ago
- Comments:16 (12 by maintainers)
Top Results From Across the Web
How to make pipenv install <package> use SSL certificate of ...
1 Answer 1 · setting a HTTPS proxy (in this case Charles) · save the Charles certificate in a .pem file · try...
Read more >Python Buildpack | Cloud Foundry Docs
This error occurs because pip does not use system certificates by default. To resolve this issue, set the PIP_CERT environment variable in the ......
Read more >Advanced Usage of Pipenv - Python Packaging Authority
Dependencies of wheels provided in a Pipfile will not be captured by $ pipenv lock . There are some known issues with using...
Read more >pipenv Documentation - Read the Docs
Dependencies of wheels provided in a Pipfile will not be captured by $ pipenv lock. • There are some known issues with using...
Read more >pipenv Documentation
Pipenv is a tool that aims to bring the best of all packaging worlds (bundler, composer, npm, cargo, yarn, etc.) to the. Python...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Hey @edwardreed81, sorry I missed this issue when it started. The problem you’re hitting is two separate versions of Requests. The one bundled with pipenv is Requests 2.11.1 which still had certificates packaged with Requests vs the Requests you have installed is (likely) Requests 2.18.4 which will detect certs on your machine. This is why you’re seeing variance between the two imports.
This was a fundamental change we made in Requests and is expected behaviour. We need to get our vendored copy of Requests updated in pipenv or simply removed if possible. We’ll look into getting the issue resolved tomorrow hopefully.
We bundle requests with our own PEM and so does pip. Try installing
requests[security]as this may add relevant libraries