[PYTHON] Insecure Platform Warning still appears with pip install, but I didn't do it because it was troublesome.

pip install -> InsecurePlatformWarning

$ python -V
Python 2.7.1
$ pip -V
pip 8.1.1 from /Users/foo/.anyenv/envs/pyenv/versions/2.7.1/lib/python2.7/site-packages (python 2.7)
$ pip install everytime-warning
…
/Users/foo/.anyenv/envs/pyenv/versions/2.7.1/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
  SNIMissingWarning
/Users/foo/.anyenv/envs/pyenv/versions/2.7.1/lib/python2.7/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
…

Why are you angry

https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning

Certain Python distributions (specifically, versions of Python earlier than 2.7.9) and older OpenSSLs have restrictions that prevent them from using the SNI (Server Name Indication) extension. This can cause unexpected behaviour when making some HTTPS requests, usually causing the server to present the a TLS certificate that is not valid for the website you’re trying to access.

"In versions prior to 2.7.9, you may visit a site with an incorrect certificate."

What happens if the certificate is incorrect

at the worst case,

  1. I think it's safe because it's a well-known plugin, so I do pip install (numpy, etc.)
  2. The access destination is replaced and the malicious plug-in is downloaded.
  3. The certificate is not verified correctly and it is installed.

May be that

pyenv install

trap

I was angry when I tried to pyenv install 2.7.9 normally

ERROR: The Python ssl extension was not compiled. Missing the OpenSSL lib?

Upgrade anyenv

(cd ~/.anyenv && git pull)
exec $SHELL -l
anyenv install pyenv
exec $SHELL -l
pyenv install 2.7.9
pyenv global 2.7.9
pip install secure-and-silent

Congratulations

Recommended Posts

Insecure Platform Warning still appears with pip install, but I didn't do it because it was troublesome.
I cried with `pip install --upgrade pip` with Bad md5 hash for package, but it got better
I have libncurses but get angry with pip install readline
What to do if Insecure Platform Warning appears when running Python
Even if I converted jpg to png, I managed to do it because the transparency was not tampered with
I want to do it with Python lambda Django, but I will stop
I got an SSL related error with pip install, so I solved it
I installed PySide2, but pyside2-uic didn't work, so I managed to do it.
I tried to install Docker on Windows 10 Home but it didn't work
I was addicted to pip install mysqlclient
I want to pip install with PythonAnywhere
I can't install the package with pip.
The file edited with vim was readonly but I want to save it
I tried to use Java with Termux using Termux Arch but it didn't work