On Mar 23, 2020, at 20:30, Matt Billenstein via Python-Dev <python-dev@python.org> wrote: > Hi, installing the latest 2.7.16 MacOS installer, functions in urllib > will attempt to load trusted certs from: > > /Library/Frameworks/Python.framework/Versions/2.7/etc/openssl/cert.pem > > But this file is not shipped with the installer package - this makes > urlretrieve and friends fail on https hosts - perhaps the installer > should ship a bundle or enable using something like certifi if it's > installed?
Python 2.7.17 is the most recent 2.7.x release. You should be using it instead of 2.7.16. When you open one of the current macOS Installer packages from python.org, the first (Welcome) display includes the following text: "At the end of this install, click on Install Certificates to install a set of current SSL root certificates." The second display (ReadMe) in the Installer includes the following section: "Certificate verification and OpenSSL This package includes its own private copy of OpenSSL 1.0.2. The trust certificates in system and user keychains managed by the Keychain Access application and the security command line utility are not used as defaults by the Python ssl module. A sample command script is included in /Applications/Python 2.7 to install a curated bundle of default root certificates from the third-party certifi package (https://pypi.org/project/certifi/). Double-click on Install Certificates to run it. The bundled pip has its own default certificate store for verifying download connections." By default, a copy of that ReadMe is saved as a file in /Application/Python 2.7/ should you need to refer to it, along with the "Install Certificates.command" file. We do not currently ship a set of certificates with the installer directly because any of them could be replaced or invalidated over the lifetome of the installer package. Hope that helps. -- Ned Deily n...@python.org -- [] _______________________________________________ Python-Dev mailing list -- python-dev@python.org To unsubscribe send an email to python-dev-le...@python.org https://mail.python.org/mailman3/lists/python-dev.python.org/ Message archived at https://mail.python.org/archives/list/python-dev@python.org/message/52GNL2TCYU3XAXPO4RHGERYQYXEKLNJF/ Code of Conduct: http://python.org/psf/codeofconduct/
