Ronald Oussoren <ronaldousso...@mac.com> added the comment:
Could you check with "curl -k https://pypi.org/ >/dev/null" what certificate is used by PyPI? On my system I get (amongst other output): ... * SSL connection using TLSv1.2 / ECDHE-RSA-CHACHA20-POLY1305 * ALPN, server accepted to use h2 * Server certificate: * subject: CN=pypi.org * start date: Oct 22 18:55:44 2021 GMT * expire date: Nov 23 18:55:43 2022 GMT * subjectAltName: host "pypi.org" matched cert's "pypi.org" * issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Atlas R3 DV TLS CA H2 2021 * SSL certificate verify ok. ... Note how the issuer is GlobalSign. If you see some other certificate authority, or get an error from curl due to the same certificate verification problem, you have something on the path between you and PyPI that intercepts the connection, such as a corporate proxy. Pip appears to have a way to override certificate verification, you'll have to (a) read pip's manual for that and (b) be *very* sure you know what's going on before you start trusting some other CA that's not in the global trust root used by pip and certify. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue45839> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
