search

pypi / support

Issue tracker for support requests related to using https://pypi.org
95 stars 48 forks source link

SSLError with files.pythonhosted.org using Python 2.7.8 #980

Closed vphilippon closed 3 years ago

vphilippon commented 3 years ago

Describe the bug Using Python 2.7.8 (which has an outdated SSL lib), there's an SSL error when trying to use pypi.org, either via pip or a get-pip.py script. On Python 2.7.9+ and Python 3+, this isn't an issue.

This started occuring today.

Expected behavior pip or get-pip.py script should be able to download packages, even under Python 2.7.8.

To Reproduce Simple reproduction using a docker image:

myname@myhost ~$ docker run --rm -ti python:2.7.8 bash
[Docker dowloading the image]
root@453cb9c997bd:/# python -m pip --version
pip 1.5.6 from /usr/local/lib/python2.7/site-packages (python 2.7)
# Yikes, old, but let's try.
root@453cb9c997bd:/# python -m pip install requests
Downloading/unpacking requests
Cleaning up...
Exception:
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/pip/basecommand.py", line 122, in main
    status = self.run(options, args)
  File "/usr/local/lib/python2.7/site-packages/pip/commands/install.py", line 278, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "/usr/local/lib/python2.7/site-packages/pip/req.py", line 1197, in prepare_files
    do_download,
  File "/usr/local/lib/python2.7/site-packages/pip/req.py", line 1375, in unpack_url
    self.session,
  File "/usr/local/lib/python2.7/site-packages/pip/download.py", line 546, in unpack_http_url
    resp = session.get(target_url, stream=True)
  File "/usr/local/lib/python2.7/site-packages/pip/_vendor/requests/sessions.py", line 468, in get
    return self.request('GET', url, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/pip/download.py", line 237, in request
    return super(PipSession, self).request(method, url, *args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/pip/_vendor/requests/sessions.py", line 456, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/site-packages/pip/_vendor/requests/sessions.py", line 559, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/pip/_vendor/requests/adapters.py", line 382, in send
    raise SSLError(e, request=request)
SSLError: hostname 'files.pythonhosted.org' doesn't match either of 'r.ssl.fastly.net', '*.catchpoint.com', '*.cnn.io', '*.dollarshaveclub.com', '*.eater.com', '*.fastly.picmonkey.com', '*.files.saymedia-content.com', '*.ft.com', '*.meetupstatic.com', '*.nfl.com', '*.pagar.me', '*.picmonkey.com', '*.realself.com', '*.sbnation.com', '*.shakr.com', '*.streamable.com', '*.surfly.com', '*.theverge.com', '*.thrillist.com', '*.vox-cdn.com', '*.vox.com', '*.voxmedia.com', 'eater.com', 'ft.com', 'i.gse.io', 'picmonkey.com', 'realself.com', 'static.wixstatic.com', 'streamable.com', 'surfly.com', 'theverge.com', 'vox-cdn.com', 'vox.com', 'www.joyent.com'

Storing debug log for failure in /root/.pip/pip.log
# Well Ok then, let's try getting a newer pip...
root@453cb9c997bd:/# curl https://bootstrap.pypa.io/pip/2.7/get-pip.py | python
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 1863k  100 1863k    0     0  6812k      0 --:--:-- --:--:-- --:--:-- 6801k
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.
/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:424: SNIMissingWarning: An HTTPS request has been made, but the SNI (Server Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:164: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
Collecting pip<21.0
/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:164: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  WARNING: Certificate did not match expected hostname: files.pythonhosted.org. Certificate: {'notAfter': 'Apr 28 19:20:25 2021 GMT', 'subjectAltName': (('DNS', 'r.ssl.fastly.net'), ('DNS', '*.catchpoint.com'), ('DNS', '*.cnn.io'), ('DNS', '*.dollarshaveclub.com'), ('DNS', '*.eater.com'), ('DNS', '*.fastly.picmonkey.com'), ('DNS', '*.files.saymedia-content.com'), ('DNS', '*.ft.com'), ('DNS', '*.meetupstatic.com'), ('DNS', '*.nfl.com'), ('DNS', '*.pagar.me'), ('DNS', '*.picmonkey.com'), ('DNS', '*.realself.com'), ('DNS', '*.sbnation.com'), ('DNS', '*.shakr.com'), ('DNS', '*.streamable.com'), ('DNS', '*.surfly.com'), ('DNS', '*.theverge.com'), ('DNS', '*.thrillist.com'), ('DNS', '*.vox-cdn.com'), ('DNS', '*.vox.com'), ('DNS', '*.voxmedia.com'), ('DNS', 'eater.com'), ('DNS', 'ft.com'), ('DNS', 'i.gse.io'), ('DNS', 'picmonkey.com'), ('DNS', 'realself.com'), ('DNS', 'static.wixstatic.com'), ('DNS', 'streamable.com'), ('DNS', 'surfly.com'), ('DNS', 'theverge.com'), ('DNS', 'vox-cdn.com'), ('DNS', 'vox.com'), ('DNS', 'www.joyent.com')), 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'California'),), (('localityName', u'San Francisco'),), (('organizationName', u'Fastly, Inc'),), (('commonName', u'r.ssl.fastly.net'),))}
  WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(CertificateError("hostname 'files.pythonhosted.org' doesn't match either of 'r.ssl.fastly.net', '*.catchpoint.com', '*.cnn.io', '*.dollarshaveclub.com', '*.eater.com', '*.fastly.picmonkey.com', '*.files.saymedia-content.com', '*.ft.com', '*.meetupstatic.com', '*.nfl.com', '*.pagar.me', '*.picmonkey.com', '*.realself.com', '*.sbnation.com', '*.shakr.com', '*.streamable.com', '*.surfly.com', '*.theverge.com', '*.thrillist.com', '*.vox-cdn.com', '*.vox.com', '*.voxmedia.com', 'eater.com', 'ft.com', 'i.gse.io', 'picmonkey.com', 'realself.com', 'static.wixstatic.com', 'streamable.com', 'surfly.com', 'theverge.com', 'vox-cdn.com', 'vox.com', 'www.joyent.com'",),)': /packages/27/79/8a850fe3496446ff0d584327ae44e7500daf6764ca1a382d2d02789accf7/pip-20.3.4-py2.py3-none-any.whl
/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:164: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  WARNING: Certificate did not match expected hostname: files.pythonhosted.org. Certificate: {'notAfter': 'Apr 28 19:20:25 2021 GMT', 'subjectAltName': (('DNS', 'r.ssl.fastly.net'), ('DNS', '*.catchpoint.com'), ('DNS', '*.cnn.io'), ('DNS', '*.dollarshaveclub.com'), ('DNS', '*.eater.com'), ('DNS', '*.fastly.picmonkey.com'), ('DNS', '*.files.saymedia-content.com'), ('DNS', '*.ft.com'), ('DNS', '*.meetupstatic.com'), ('DNS', '*.nfl.com'), ('DNS', '*.pagar.me'), ('DNS', '*.picmonkey.com'), ('DNS', '*.realself.com'), ('DNS', '*.sbnation.com'), ('DNS', '*.shakr.com'), ('DNS', '*.streamable.com'), ('DNS', '*.surfly.com'), ('DNS', '*.theverge.com'), ('DNS', '*.thrillist.com'), ('DNS', '*.vox-cdn.com'), ('DNS', '*.vox.com'), ('DNS', '*.voxmedia.com'), ('DNS', 'eater.com'), ('DNS', 'ft.com'), ('DNS', 'i.gse.io'), ('DNS', 'picmonkey.com'), ('DNS', 'realself.com'), ('DNS', 'static.wixstatic.com'), ('DNS', 'streamable.com'), ('DNS', 'surfly.com'), ('DNS', 'theverge.com'), ('DNS', 'vox-cdn.com'), ('DNS', 'vox.com'), ('DNS', 'www.joyent.com')), 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'California'),), (('localityName', u'San Francisco'),), (('organizationName', u'Fastly, Inc'),), (('commonName', u'r.ssl.fastly.net'),))}
  WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(CertificateError("hostname 'files.pythonhosted.org' doesn't match either of 'r.ssl.fastly.net', '*.catchpoint.com', '*.cnn.io', '*.dollarshaveclub.com', '*.eater.com', '*.fastly.picmonkey.com', '*.files.saymedia-content.com', '*.ft.com', '*.meetupstatic.com', '*.nfl.com', '*.pagar.me', '*.picmonkey.com', '*.realself.com', '*.sbnation.com', '*.shakr.com', '*.streamable.com', '*.surfly.com', '*.theverge.com', '*.thrillist.com', '*.vox-cdn.com', '*.vox.com', '*.voxmedia.com', 'eater.com', 'ft.com', 'i.gse.io', 'picmonkey.com', 'realself.com', 'static.wixstatic.com', 'streamable.com', 'surfly.com', 'theverge.com', 'vox-cdn.com', 'vox.com', 'www.joyent.com'",),)': /packages/27/79/8a850fe3496446ff0d584327ae44e7500daf6764ca1a382d2d02789accf7/pip-20.3.4-py2.py3-none-any.whl
/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:164: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  WARNING: Certificate did not match expected hostname: files.pythonhosted.org. Certificate: {'notAfter': 'Apr 28 19:20:25 2021 GMT', 'subjectAltName': (('DNS', 'r.ssl.fastly.net'), ('DNS', '*.catchpoint.com'), ('DNS', '*.cnn.io'), ('DNS', '*.dollarshaveclub.com'), ('DNS', '*.eater.com'), ('DNS', '*.fastly.picmonkey.com'), ('DNS', '*.files.saymedia-content.com'), ('DNS', '*.ft.com'), ('DNS', '*.meetupstatic.com'), ('DNS', '*.nfl.com'), ('DNS', '*.pagar.me'), ('DNS', '*.picmonkey.com'), ('DNS', '*.realself.com'), ('DNS', '*.sbnation.com'), ('DNS', '*.shakr.com'), ('DNS', '*.streamable.com'), ('DNS', '*.surfly.com'), ('DNS', '*.theverge.com'), ('DNS', '*.thrillist.com'), ('DNS', '*.vox-cdn.com'), ('DNS', '*.vox.com'), ('DNS', '*.voxmedia.com'), ('DNS', 'eater.com'), ('DNS', 'ft.com'), ('DNS', 'i.gse.io'), ('DNS', 'picmonkey.com'), ('DNS', 'realself.com'), ('DNS', 'static.wixstatic.com'), ('DNS', 'streamable.com'), ('DNS', 'surfly.com'), ('DNS', 'theverge.com'), ('DNS', 'vox-cdn.com'), ('DNS', 'vox.com'), ('DNS', 'www.joyent.com')), 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'California'),), (('localityName', u'San Francisco'),), (('organizationName', u'Fastly, Inc'),), (('commonName', u'r.ssl.fastly.net'),))}
  WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(CertificateError("hostname 'files.pythonhosted.org' doesn't match either of 'r.ssl.fastly.net', '*.catchpoint.com', '*.cnn.io', '*.dollarshaveclub.com', '*.eater.com', '*.fastly.picmonkey.com', '*.files.saymedia-content.com', '*.ft.com', '*.meetupstatic.com', '*.nfl.com', '*.pagar.me', '*.picmonkey.com', '*.realself.com', '*.sbnation.com', '*.shakr.com', '*.streamable.com', '*.surfly.com', '*.theverge.com', '*.thrillist.com', '*.vox-cdn.com', '*.vox.com', '*.voxmedia.com', 'eater.com', 'ft.com', 'i.gse.io', 'picmonkey.com', 'realself.com', 'static.wixstatic.com', 'streamable.com', 'surfly.com', 'theverge.com', 'vox-cdn.com', 'vox.com', 'www.joyent.com'",),)': /packages/27/79/8a850fe3496446ff0d584327ae44e7500daf6764ca1a382d2d02789accf7/pip-20.3.4-py2.py3-none-any.whl
/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:164: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  WARNING: Certificate did not match expected hostname: files.pythonhosted.org. Certificate: {'notAfter': 'Apr 28 19:20:25 2021 GMT', 'subjectAltName': (('DNS', 'r.ssl.fastly.net'), ('DNS', '*.catchpoint.com'), ('DNS', '*.cnn.io'), ('DNS', '*.dollarshaveclub.com'), ('DNS', '*.eater.com'), ('DNS', '*.fastly.picmonkey.com'), ('DNS', '*.files.saymedia-content.com'), ('DNS', '*.ft.com'), ('DNS', '*.meetupstatic.com'), ('DNS', '*.nfl.com'), ('DNS', '*.pagar.me'), ('DNS', '*.picmonkey.com'), ('DNS', '*.realself.com'), ('DNS', '*.sbnation.com'), ('DNS', '*.shakr.com'), ('DNS', '*.streamable.com'), ('DNS', '*.surfly.com'), ('DNS', '*.theverge.com'), ('DNS', '*.thrillist.com'), ('DNS', '*.vox-cdn.com'), ('DNS', '*.vox.com'), ('DNS', '*.voxmedia.com'), ('DNS', 'eater.com'), ('DNS', 'ft.com'), ('DNS', 'i.gse.io'), ('DNS', 'picmonkey.com'), ('DNS', 'realself.com'), ('DNS', 'static.wixstatic.com'), ('DNS', 'streamable.com'), ('DNS', 'surfly.com'), ('DNS', 'theverge.com'), ('DNS', 'vox-cdn.com'), ('DNS', 'vox.com'), ('DNS', 'www.joyent.com')), 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'California'),), (('localityName', u'San Francisco'),), (('organizationName', u'Fastly, Inc'),), (('commonName', u'r.ssl.fastly.net'),))}
  WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(CertificateError("hostname 'files.pythonhosted.org' doesn't match either of 'r.ssl.fastly.net', '*.catchpoint.com', '*.cnn.io', '*.dollarshaveclub.com', '*.eater.com', '*.fastly.picmonkey.com', '*.files.saymedia-content.com', '*.ft.com', '*.meetupstatic.com', '*.nfl.com', '*.pagar.me', '*.picmonkey.com', '*.realself.com', '*.sbnation.com', '*.shakr.com', '*.streamable.com', '*.surfly.com', '*.theverge.com', '*.thrillist.com', '*.vox-cdn.com', '*.vox.com', '*.voxmedia.com', 'eater.com', 'ft.com', 'i.gse.io', 'picmonkey.com', 'realself.com', 'static.wixstatic.com', 'streamable.com', 'surfly.com', 'theverge.com', 'vox-cdn.com', 'vox.com', 'www.joyent.com'",),)': /packages/27/79/8a850fe3496446ff0d584327ae44e7500daf6764ca1a382d2d02789accf7/pip-20.3.4-py2.py3-none-any.whl
/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:164: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  WARNING: Certificate did not match expected hostname: files.pythonhosted.org. Certificate: {'notAfter': 'Apr 28 19:20:25 2021 GMT', 'subjectAltName': (('DNS', 'r.ssl.fastly.net'), ('DNS', '*.catchpoint.com'), ('DNS', '*.cnn.io'), ('DNS', '*.dollarshaveclub.com'), ('DNS', '*.eater.com'), ('DNS', '*.fastly.picmonkey.com'), ('DNS', '*.files.saymedia-content.com'), ('DNS', '*.ft.com'), ('DNS', '*.meetupstatic.com'), ('DNS', '*.nfl.com'), ('DNS', '*.pagar.me'), ('DNS', '*.picmonkey.com'), ('DNS', '*.realself.com'), ('DNS', '*.sbnation.com'), ('DNS', '*.shakr.com'), ('DNS', '*.streamable.com'), ('DNS', '*.surfly.com'), ('DNS', '*.theverge.com'), ('DNS', '*.thrillist.com'), ('DNS', '*.vox-cdn.com'), ('DNS', '*.vox.com'), ('DNS', '*.voxmedia.com'), ('DNS', 'eater.com'), ('DNS', 'ft.com'), ('DNS', 'i.gse.io'), ('DNS', 'picmonkey.com'), ('DNS', 'realself.com'), ('DNS', 'static.wixstatic.com'), ('DNS', 'streamable.com'), ('DNS', 'surfly.com'), ('DNS', 'theverge.com'), ('DNS', 'vox-cdn.com'), ('DNS', 'vox.com'), ('DNS', 'www.joyent.com')), 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'California'),), (('localityName', u'San Francisco'),), (('organizationName', u'Fastly, Inc'),), (('commonName', u'r.ssl.fastly.net'),))}
  WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(CertificateError("hostname 'files.pythonhosted.org' doesn't match either of 'r.ssl.fastly.net', '*.catchpoint.com', '*.cnn.io', '*.dollarshaveclub.com', '*.eater.com', '*.fastly.picmonkey.com', '*.files.saymedia-content.com', '*.ft.com', '*.meetupstatic.com', '*.nfl.com', '*.pagar.me', '*.picmonkey.com', '*.realself.com', '*.sbnation.com', '*.shakr.com', '*.streamable.com', '*.surfly.com', '*.theverge.com', '*.thrillist.com', '*.vox-cdn.com', '*.vox.com', '*.voxmedia.com', 'eater.com', 'ft.com', 'i.gse.io', 'picmonkey.com', 'realself.com', 'static.wixstatic.com', 'streamable.com', 'surfly.com', 'theverge.com', 'vox-cdn.com', 'vox.com', 'www.joyent.com'",),)': /packages/27/79/8a850fe3496446ff0d584327ae44e7500daf6764ca1a382d2d02789accf7/pip-20.3.4-py2.py3-none-any.whl
/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:164: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  WARNING: Certificate did not match expected hostname: files.pythonhosted.org. Certificate: {'notAfter': 'Apr 28 19:20:25 2021 GMT', 'subjectAltName': (('DNS', 'r.ssl.fastly.net'), ('DNS', '*.catchpoint.com'), ('DNS', '*.cnn.io'), ('DNS', '*.dollarshaveclub.com'), ('DNS', '*.eater.com'), ('DNS', '*.fastly.picmonkey.com'), ('DNS', '*.files.saymedia-content.com'), ('DNS', '*.ft.com'), ('DNS', '*.meetupstatic.com'), ('DNS', '*.nfl.com'), ('DNS', '*.pagar.me'), ('DNS', '*.picmonkey.com'), ('DNS', '*.realself.com'), ('DNS', '*.sbnation.com'), ('DNS', '*.shakr.com'), ('DNS', '*.streamable.com'), ('DNS', '*.surfly.com'), ('DNS', '*.theverge.com'), ('DNS', '*.thrillist.com'), ('DNS', '*.vox-cdn.com'), ('DNS', '*.vox.com'), ('DNS', '*.voxmedia.com'), ('DNS', 'eater.com'), ('DNS', 'ft.com'), ('DNS', 'i.gse.io'), ('DNS', 'picmonkey.com'), ('DNS', 'realself.com'), ('DNS', 'static.wixstatic.com'), ('DNS', 'streamable.com'), ('DNS', 'surfly.com'), ('DNS', 'theverge.com'), ('DNS', 'vox-cdn.com'), ('DNS', 'vox.com'), ('DNS', 'www.joyent.com')), 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'California'),), (('localityName', u'San Francisco'),), (('organizationName', u'Fastly, Inc'),), (('commonName', u'r.ssl.fastly.net'),))}
ERROR: Could not install packages due to an EnvironmentError: HTTPSConnectionPool(host='files.pythonhosted.org', port=443): Max retries exceeded with url: /packages/27/79/8a850fe3496446ff0d584327ae44e7500daf6764ca1a382d2d02789accf7/pip-20.3.4-py2.py3-none-any.whl (Caused by SSLError(CertificateError("hostname 'files.pythonhosted.org' doesn't match either of 'r.ssl.fastly.net', '*.catchpoint.com', '*.cnn.io', '*.dollarshaveclub.com', '*.eater.com', '*.fastly.picmonkey.com', '*.files.saymedia-content.com', '*.ft.com', '*.meetupstatic.com', '*.nfl.com', '*.pagar.me', '*.picmonkey.com', '*.realself.com', '*.sbnation.com', '*.shakr.com', '*.streamable.com', '*.surfly.com', '*.theverge.com', '*.thrillist.com', '*.vox-cdn.com', '*.vox.com', '*.voxmedia.com', 'eater.com', 'ft.com', 'i.gse.io', 'picmonkey.com', 'realself.com', 'static.wixstatic.com', 'streamable.com', 'surfly.com', 'theverge.com', 'vox-cdn.com', 'vox.com', 'www.joyent.com'",),))

/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:164: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings

On another system with Python 2.7.8 and a newer pip (20.3.4), I still get the same error. Unfortunatly I found no way to update pip in the docker image to show it here. pip install --trusted-host files.pythonhosted.org would circumvent the issue, but it's not an option with that super older pip version in the docker image.

My Platform Python 2.7.8, on both linux and windows systems.

vphilippon commented 3 years ago

The issue seems to be resolved as of now, but I just received an email pointing to this: https://github.com/pypa/pypi-support/issues/978

This seems directly related. We'll need to get off 2.7.8 ASAP as I read it. That was in our plans, seems like this just got bumped in priority for my team and me :) Take care PyPA and everyone!

vphilippon commented 3 years ago

I'll take the opportunity to add that on the page https://pypi.org/help/#feedback , the issue tracker link still points to pypa/warehouse. Maybe you'll want to have it updated to this pypa/pypi-support repo? Just an FYI.

Once again, take care!

heygenius commented 2 years ago

The issue seems to be resolved as of now, but I just received an email pointing to this: #978

This seems directly related. We'll need to get off 2.7.8 ASAP as I read it. That was in our plans, seems like this just got bumped in priority for my team and me :) Take care PyPA and everyone!

Describe the bug Using Python 2.7.8 (which has an outdated SSL lib), there's an SSL error when trying to use pypi.org, either via pip or a get-pip.py script. On Python 2.7.9+ and Python 3+, this isn't an issue.

This started occuring today.

Expected behavior pip or get-pip.py script should be able to download packages, even under Python 2.7.8.

To Reproduce Simple reproduction using a docker image:

myname@myhost ~$ docker run --rm -ti python:2.7.8 bash
[Docker dowloading the image]
root@453cb9c997bd:/# python -m pip --version
pip 1.5.6 from /usr/local/lib/python2.7/site-packages (python 2.7)
# Yikes, old, but let's try.
root@453cb9c997bd:/# python -m pip install requests
Downloading/unpacking requests
Cleaning up...
Exception:
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/site-packages/pip/basecommand.py", line 122, in main
    status = self.run(options, args)
  File "/usr/local/lib/python2.7/site-packages/pip/commands/install.py", line 278, in run
    requirement_set.prepare_files(finder, force_root_egg_info=self.bundle, bundle=self.bundle)
  File "/usr/local/lib/python2.7/site-packages/pip/req.py", line 1197, in prepare_files
    do_download,
  File "/usr/local/lib/python2.7/site-packages/pip/req.py", line 1375, in unpack_url
    self.session,
  File "/usr/local/lib/python2.7/site-packages/pip/download.py", line 546, in unpack_http_url
    resp = session.get(target_url, stream=True)
  File "/usr/local/lib/python2.7/site-packages/pip/_vendor/requests/sessions.py", line 468, in get
    return self.request('GET', url, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/pip/download.py", line 237, in request
    return super(PipSession, self).request(method, url, *args, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/pip/_vendor/requests/sessions.py", line 456, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/site-packages/pip/_vendor/requests/sessions.py", line 559, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/site-packages/pip/_vendor/requests/adapters.py", line 382, in send
    raise SSLError(e, request=request)
SSLError: hostname 'files.pythonhosted.org' doesn't match either of 'r.ssl.fastly.net', '*.catchpoint.com', '*.cnn.io', '*.dollarshaveclub.com', '*.eater.com', '*.fastly.picmonkey.com', '*.files.saymedia-content.com', '*.ft.com', '*.meetupstatic.com', '*.nfl.com', '*.pagar.me', '*.picmonkey.com', '*.realself.com', '*.sbnation.com', '*.shakr.com', '*.streamable.com', '*.surfly.com', '*.theverge.com', '*.thrillist.com', '*.vox-cdn.com', '*.vox.com', '*.voxmedia.com', 'eater.com', 'ft.com', 'i.gse.io', 'picmonkey.com', 'realself.com', 'static.wixstatic.com', 'streamable.com', 'surfly.com', 'theverge.com', 'vox-cdn.com', 'vox.com', 'www.joyent.com'

Storing debug log for failure in /root/.pip/pip.log
# Well Ok then, let's try getting a newer pip...
root@453cb9c997bd:/# curl https://bootstrap.pypa.io/pip/2.7/get-pip.py | python
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 1863k  100 1863k    0     0  6812k      0 --:--:-- --:--:-- --:--:-- 6801k
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.
/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:424: SNIMissingWarning: An HTTPS request has been made, but the SNI (Server Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:164: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
Collecting pip<21.0
/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:164: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  WARNING: Certificate did not match expected hostname: files.pythonhosted.org. Certificate: {'notAfter': 'Apr 28 19:20:25 2021 GMT', 'subjectAltName': (('DNS', 'r.ssl.fastly.net'), ('DNS', '*.catchpoint.com'), ('DNS', '*.cnn.io'), ('DNS', '*.dollarshaveclub.com'), ('DNS', '*.eater.com'), ('DNS', '*.fastly.picmonkey.com'), ('DNS', '*.files.saymedia-content.com'), ('DNS', '*.ft.com'), ('DNS', '*.meetupstatic.com'), ('DNS', '*.nfl.com'), ('DNS', '*.pagar.me'), ('DNS', '*.picmonkey.com'), ('DNS', '*.realself.com'), ('DNS', '*.sbnation.com'), ('DNS', '*.shakr.com'), ('DNS', '*.streamable.com'), ('DNS', '*.surfly.com'), ('DNS', '*.theverge.com'), ('DNS', '*.thrillist.com'), ('DNS', '*.vox-cdn.com'), ('DNS', '*.vox.com'), ('DNS', '*.voxmedia.com'), ('DNS', 'eater.com'), ('DNS', 'ft.com'), ('DNS', 'i.gse.io'), ('DNS', 'picmonkey.com'), ('DNS', 'realself.com'), ('DNS', 'static.wixstatic.com'), ('DNS', 'streamable.com'), ('DNS', 'surfly.com'), ('DNS', 'theverge.com'), ('DNS', 'vox-cdn.com'), ('DNS', 'vox.com'), ('DNS', 'www.joyent.com')), 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'California'),), (('localityName', u'San Francisco'),), (('organizationName', u'Fastly, Inc'),), (('commonName', u'r.ssl.fastly.net'),))}
  WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(CertificateError("hostname 'files.pythonhosted.org' doesn't match either of 'r.ssl.fastly.net', '*.catchpoint.com', '*.cnn.io', '*.dollarshaveclub.com', '*.eater.com', '*.fastly.picmonkey.com', '*.files.saymedia-content.com', '*.ft.com', '*.meetupstatic.com', '*.nfl.com', '*.pagar.me', '*.picmonkey.com', '*.realself.com', '*.sbnation.com', '*.shakr.com', '*.streamable.com', '*.surfly.com', '*.theverge.com', '*.thrillist.com', '*.vox-cdn.com', '*.vox.com', '*.voxmedia.com', 'eater.com', 'ft.com', 'i.gse.io', 'picmonkey.com', 'realself.com', 'static.wixstatic.com', 'streamable.com', 'surfly.com', 'theverge.com', 'vox-cdn.com', 'vox.com', 'www.joyent.com'",),)': /packages/27/79/8a850fe3496446ff0d584327ae44e7500daf6764ca1a382d2d02789accf7/pip-20.3.4-py2.py3-none-any.whl
/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:164: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  WARNING: Certificate did not match expected hostname: files.pythonhosted.org. Certificate: {'notAfter': 'Apr 28 19:20:25 2021 GMT', 'subjectAltName': (('DNS', 'r.ssl.fastly.net'), ('DNS', '*.catchpoint.com'), ('DNS', '*.cnn.io'), ('DNS', '*.dollarshaveclub.com'), ('DNS', '*.eater.com'), ('DNS', '*.fastly.picmonkey.com'), ('DNS', '*.files.saymedia-content.com'), ('DNS', '*.ft.com'), ('DNS', '*.meetupstatic.com'), ('DNS', '*.nfl.com'), ('DNS', '*.pagar.me'), ('DNS', '*.picmonkey.com'), ('DNS', '*.realself.com'), ('DNS', '*.sbnation.com'), ('DNS', '*.shakr.com'), ('DNS', '*.streamable.com'), ('DNS', '*.surfly.com'), ('DNS', '*.theverge.com'), ('DNS', '*.thrillist.com'), ('DNS', '*.vox-cdn.com'), ('DNS', '*.vox.com'), ('DNS', '*.voxmedia.com'), ('DNS', 'eater.com'), ('DNS', 'ft.com'), ('DNS', 'i.gse.io'), ('DNS', 'picmonkey.com'), ('DNS', 'realself.com'), ('DNS', 'static.wixstatic.com'), ('DNS', 'streamable.com'), ('DNS', 'surfly.com'), ('DNS', 'theverge.com'), ('DNS', 'vox-cdn.com'), ('DNS', 'vox.com'), ('DNS', 'www.joyent.com')), 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'California'),), (('localityName', u'San Francisco'),), (('organizationName', u'Fastly, Inc'),), (('commonName', u'r.ssl.fastly.net'),))}
  WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(CertificateError("hostname 'files.pythonhosted.org' doesn't match either of 'r.ssl.fastly.net', '*.catchpoint.com', '*.cnn.io', '*.dollarshaveclub.com', '*.eater.com', '*.fastly.picmonkey.com', '*.files.saymedia-content.com', '*.ft.com', '*.meetupstatic.com', '*.nfl.com', '*.pagar.me', '*.picmonkey.com', '*.realself.com', '*.sbnation.com', '*.shakr.com', '*.streamable.com', '*.surfly.com', '*.theverge.com', '*.thrillist.com', '*.vox-cdn.com', '*.vox.com', '*.voxmedia.com', 'eater.com', 'ft.com', 'i.gse.io', 'picmonkey.com', 'realself.com', 'static.wixstatic.com', 'streamable.com', 'surfly.com', 'theverge.com', 'vox-cdn.com', 'vox.com', 'www.joyent.com'",),)': /packages/27/79/8a850fe3496446ff0d584327ae44e7500daf6764ca1a382d2d02789accf7/pip-20.3.4-py2.py3-none-any.whl
/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:164: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  WARNING: Certificate did not match expected hostname: files.pythonhosted.org. Certificate: {'notAfter': 'Apr 28 19:20:25 2021 GMT', 'subjectAltName': (('DNS', 'r.ssl.fastly.net'), ('DNS', '*.catchpoint.com'), ('DNS', '*.cnn.io'), ('DNS', '*.dollarshaveclub.com'), ('DNS', '*.eater.com'), ('DNS', '*.fastly.picmonkey.com'), ('DNS', '*.files.saymedia-content.com'), ('DNS', '*.ft.com'), ('DNS', '*.meetupstatic.com'), ('DNS', '*.nfl.com'), ('DNS', '*.pagar.me'), ('DNS', '*.picmonkey.com'), ('DNS', '*.realself.com'), ('DNS', '*.sbnation.com'), ('DNS', '*.shakr.com'), ('DNS', '*.streamable.com'), ('DNS', '*.surfly.com'), ('DNS', '*.theverge.com'), ('DNS', '*.thrillist.com'), ('DNS', '*.vox-cdn.com'), ('DNS', '*.vox.com'), ('DNS', '*.voxmedia.com'), ('DNS', 'eater.com'), ('DNS', 'ft.com'), ('DNS', 'i.gse.io'), ('DNS', 'picmonkey.com'), ('DNS', 'realself.com'), ('DNS', 'static.wixstatic.com'), ('DNS', 'streamable.com'), ('DNS', 'surfly.com'), ('DNS', 'theverge.com'), ('DNS', 'vox-cdn.com'), ('DNS', 'vox.com'), ('DNS', 'www.joyent.com')), 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'California'),), (('localityName', u'San Francisco'),), (('organizationName', u'Fastly, Inc'),), (('commonName', u'r.ssl.fastly.net'),))}
  WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(CertificateError("hostname 'files.pythonhosted.org' doesn't match either of 'r.ssl.fastly.net', '*.catchpoint.com', '*.cnn.io', '*.dollarshaveclub.com', '*.eater.com', '*.fastly.picmonkey.com', '*.files.saymedia-content.com', '*.ft.com', '*.meetupstatic.com', '*.nfl.com', '*.pagar.me', '*.picmonkey.com', '*.realself.com', '*.sbnation.com', '*.shakr.com', '*.streamable.com', '*.surfly.com', '*.theverge.com', '*.thrillist.com', '*.vox-cdn.com', '*.vox.com', '*.voxmedia.com', 'eater.com', 'ft.com', 'i.gse.io', 'picmonkey.com', 'realself.com', 'static.wixstatic.com', 'streamable.com', 'surfly.com', 'theverge.com', 'vox-cdn.com', 'vox.com', 'www.joyent.com'",),)': /packages/27/79/8a850fe3496446ff0d584327ae44e7500daf6764ca1a382d2d02789accf7/pip-20.3.4-py2.py3-none-any.whl
/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:164: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  WARNING: Certificate did not match expected hostname: files.pythonhosted.org. Certificate: {'notAfter': 'Apr 28 19:20:25 2021 GMT', 'subjectAltName': (('DNS', 'r.ssl.fastly.net'), ('DNS', '*.catchpoint.com'), ('DNS', '*.cnn.io'), ('DNS', '*.dollarshaveclub.com'), ('DNS', '*.eater.com'), ('DNS', '*.fastly.picmonkey.com'), ('DNS', '*.files.saymedia-content.com'), ('DNS', '*.ft.com'), ('DNS', '*.meetupstatic.com'), ('DNS', '*.nfl.com'), ('DNS', '*.pagar.me'), ('DNS', '*.picmonkey.com'), ('DNS', '*.realself.com'), ('DNS', '*.sbnation.com'), ('DNS', '*.shakr.com'), ('DNS', '*.streamable.com'), ('DNS', '*.surfly.com'), ('DNS', '*.theverge.com'), ('DNS', '*.thrillist.com'), ('DNS', '*.vox-cdn.com'), ('DNS', '*.vox.com'), ('DNS', '*.voxmedia.com'), ('DNS', 'eater.com'), ('DNS', 'ft.com'), ('DNS', 'i.gse.io'), ('DNS', 'picmonkey.com'), ('DNS', 'realself.com'), ('DNS', 'static.wixstatic.com'), ('DNS', 'streamable.com'), ('DNS', 'surfly.com'), ('DNS', 'theverge.com'), ('DNS', 'vox-cdn.com'), ('DNS', 'vox.com'), ('DNS', 'www.joyent.com')), 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'California'),), (('localityName', u'San Francisco'),), (('organizationName', u'Fastly, Inc'),), (('commonName', u'r.ssl.fastly.net'),))}
  WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(CertificateError("hostname 'files.pythonhosted.org' doesn't match either of 'r.ssl.fastly.net', '*.catchpoint.com', '*.cnn.io', '*.dollarshaveclub.com', '*.eater.com', '*.fastly.picmonkey.com', '*.files.saymedia-content.com', '*.ft.com', '*.meetupstatic.com', '*.nfl.com', '*.pagar.me', '*.picmonkey.com', '*.realself.com', '*.sbnation.com', '*.shakr.com', '*.streamable.com', '*.surfly.com', '*.theverge.com', '*.thrillist.com', '*.vox-cdn.com', '*.vox.com', '*.voxmedia.com', 'eater.com', 'ft.com', 'i.gse.io', 'picmonkey.com', 'realself.com', 'static.wixstatic.com', 'streamable.com', 'surfly.com', 'theverge.com', 'vox-cdn.com', 'vox.com', 'www.joyent.com'",),)': /packages/27/79/8a850fe3496446ff0d584327ae44e7500daf6764ca1a382d2d02789accf7/pip-20.3.4-py2.py3-none-any.whl
/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:164: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  WARNING: Certificate did not match expected hostname: files.pythonhosted.org. Certificate: {'notAfter': 'Apr 28 19:20:25 2021 GMT', 'subjectAltName': (('DNS', 'r.ssl.fastly.net'), ('DNS', '*.catchpoint.com'), ('DNS', '*.cnn.io'), ('DNS', '*.dollarshaveclub.com'), ('DNS', '*.eater.com'), ('DNS', '*.fastly.picmonkey.com'), ('DNS', '*.files.saymedia-content.com'), ('DNS', '*.ft.com'), ('DNS', '*.meetupstatic.com'), ('DNS', '*.nfl.com'), ('DNS', '*.pagar.me'), ('DNS', '*.picmonkey.com'), ('DNS', '*.realself.com'), ('DNS', '*.sbnation.com'), ('DNS', '*.shakr.com'), ('DNS', '*.streamable.com'), ('DNS', '*.surfly.com'), ('DNS', '*.theverge.com'), ('DNS', '*.thrillist.com'), ('DNS', '*.vox-cdn.com'), ('DNS', '*.vox.com'), ('DNS', '*.voxmedia.com'), ('DNS', 'eater.com'), ('DNS', 'ft.com'), ('DNS', 'i.gse.io'), ('DNS', 'picmonkey.com'), ('DNS', 'realself.com'), ('DNS', 'static.wixstatic.com'), ('DNS', 'streamable.com'), ('DNS', 'surfly.com'), ('DNS', 'theverge.com'), ('DNS', 'vox-cdn.com'), ('DNS', 'vox.com'), ('DNS', 'www.joyent.com')), 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'California'),), (('localityName', u'San Francisco'),), (('organizationName', u'Fastly, Inc'),), (('commonName', u'r.ssl.fastly.net'),))}
  WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'SSLError(CertificateError("hostname 'files.pythonhosted.org' doesn't match either of 'r.ssl.fastly.net', '*.catchpoint.com', '*.cnn.io', '*.dollarshaveclub.com', '*.eater.com', '*.fastly.picmonkey.com', '*.files.saymedia-content.com', '*.ft.com', '*.meetupstatic.com', '*.nfl.com', '*.pagar.me', '*.picmonkey.com', '*.realself.com', '*.sbnation.com', '*.shakr.com', '*.streamable.com', '*.surfly.com', '*.theverge.com', '*.thrillist.com', '*.vox-cdn.com', '*.vox.com', '*.voxmedia.com', 'eater.com', 'ft.com', 'i.gse.io', 'picmonkey.com', 'realself.com', 'static.wixstatic.com', 'streamable.com', 'surfly.com', 'theverge.com', 'vox-cdn.com', 'vox.com', 'www.joyent.com'",),)': /packages/27/79/8a850fe3496446ff0d584327ae44e7500daf6764ca1a382d2d02789accf7/pip-20.3.4-py2.py3-none-any.whl
/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:164: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  WARNING: Certificate did not match expected hostname: files.pythonhosted.org. Certificate: {'notAfter': 'Apr 28 19:20:25 2021 GMT', 'subjectAltName': (('DNS', 'r.ssl.fastly.net'), ('DNS', '*.catchpoint.com'), ('DNS', '*.cnn.io'), ('DNS', '*.dollarshaveclub.com'), ('DNS', '*.eater.com'), ('DNS', '*.fastly.picmonkey.com'), ('DNS', '*.files.saymedia-content.com'), ('DNS', '*.ft.com'), ('DNS', '*.meetupstatic.com'), ('DNS', '*.nfl.com'), ('DNS', '*.pagar.me'), ('DNS', '*.picmonkey.com'), ('DNS', '*.realself.com'), ('DNS', '*.sbnation.com'), ('DNS', '*.shakr.com'), ('DNS', '*.streamable.com'), ('DNS', '*.surfly.com'), ('DNS', '*.theverge.com'), ('DNS', '*.thrillist.com'), ('DNS', '*.vox-cdn.com'), ('DNS', '*.vox.com'), ('DNS', '*.voxmedia.com'), ('DNS', 'eater.com'), ('DNS', 'ft.com'), ('DNS', 'i.gse.io'), ('DNS', 'picmonkey.com'), ('DNS', 'realself.com'), ('DNS', 'static.wixstatic.com'), ('DNS', 'streamable.com'), ('DNS', 'surfly.com'), ('DNS', 'theverge.com'), ('DNS', 'vox-cdn.com'), ('DNS', 'vox.com'), ('DNS', 'www.joyent.com')), 'subject': ((('countryName', u'US'),), (('stateOrProvinceName', u'California'),), (('localityName', u'San Francisco'),), (('organizationName', u'Fastly, Inc'),), (('commonName', u'r.ssl.fastly.net'),))}
ERROR: Could not install packages due to an EnvironmentError: HTTPSConnectionPool(host='files.pythonhosted.org', port=443): Max retries exceeded with url: /packages/27/79/8a850fe3496446ff0d584327ae44e7500daf6764ca1a382d2d02789accf7/pip-20.3.4-py2.py3-none-any.whl (Caused by SSLError(CertificateError("hostname 'files.pythonhosted.org' doesn't match either of 'r.ssl.fastly.net', '*.catchpoint.com', '*.cnn.io', '*.dollarshaveclub.com', '*.eater.com', '*.fastly.picmonkey.com', '*.files.saymedia-content.com', '*.ft.com', '*.meetupstatic.com', '*.nfl.com', '*.pagar.me', '*.picmonkey.com', '*.realself.com', '*.sbnation.com', '*.shakr.com', '*.streamable.com', '*.surfly.com', '*.theverge.com', '*.thrillist.com', '*.vox-cdn.com', '*.vox.com', '*.voxmedia.com', 'eater.com', 'ft.com', 'i.gse.io', 'picmonkey.com', 'realself.com', 'static.wixstatic.com', 'streamable.com', 'surfly.com', 'theverge.com', 'vox-cdn.com', 'vox.com', 'www.joyent.com'",),))

/tmp/tmpaoGece/pip.zip/pip/_vendor/urllib3/util/ssl_.py:164: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings

On another system with Python 2.7.8 and a newer pip (20.3.4), I still get the same error. Unfortunatly I found no way to update pip in the docker image to show it here. pip install --trusted-host files.pythonhosted.org would circumvent the issue, but it's not an option with that super older pip version in the docker image.

My Platform Python 2.7.8, on both linux and windows systems.

hello my friend Vincent. python -m pip install --trusted-host pypi.org --trusted-host files.pythonhosted.org --upgrade pip I tried using this and it worked for me on python 2.7.x