debian运行pip报错ssl module in Python is not available

写在前面

① 在debian 8上升级了Python 3.8.5
② 升级了openssl 1.1.1

问题描述

  1. 在运行pip命令时提示如下错误

    pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available.
    
  2. 尝试了大神推荐的用如下方法重新编译安装python,发现并不能解决我碰到的问题

    $ ./configure --prefix=/usr/local/python3.8.5 --with-ssl
    

    prefix 选项用来指定python的安装路径

解决过程

下载openssl 1.1.1并安装

debian上是装了openssl的,但版本是 1.0.2,这里想升级下

  1. 备份老版本(若未安装可跳过)

    $ which openssl # 找到openssl在哪
    /usr/bin/openssl
    $ mv /usr/bin/openssl /usr/bin/openssl.bak && rm -rf /etc/ssl
    
  2. 官网下载并解压

    $ wget https://www.openssl.org/source/openssl-1.1.1c.tar.gz
    $ tar -zxf openssl-1.1.1g.tar.gz
    
  3. 进入解压目录并安装

    $ cd openssl-1.1.1g
    $ ./config --prefix=/usr/local/openssl
    $ make && make install
    
  4. 创建软连接并复制到bin目录

    $ ln -s /usr/local/openssl/bin/openssl  /usr/local/bin/openssl
    $ cp -r /usr/local/bin/openssl /usr/bin/
    $ openssl version
    OpenSSL 1.1.1g  21 Apr 2020
    

重新编译安装python

  1. 到python源码目录,按以下路径编辑Setup文件

    $ cd Python-3.8.5
    $ vi Modules/Setup
    
  2. 查找定位到"_ssl"(约第211行),按如下内容修改(取消注释,修改路径)

    SSL=/usr/local/openssl
    _ssl _ssl.c \
           -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \
           -L$(SSL)/lib -lssl -lcrypto
    
  3. 编译安装python(参见Linux python版本升级,从备份python2看起)

    $ ./configure --prefix=/usr/local/python3.8 --with-openssl=/usr/local/openssl
    $ make && make install
    
  4. 测试下是否安装成功

    $ python3
    Python 3.8.5 (default, Oct 23 2020, 05:46:43) 
    [GCC 4.9.2] on linux
    Type "help", "copyright", "credits" or "license" for more information.
    >>> import ssl
    

再次碰到问题一

  1. import ssl 时报错如下,提示对应路径下缺少文件

    openssl: /usr/lib/x86_64-linux-gnu/libssl.so.1.1: version `OPENSSL_1_1_1' not found (required by openssl)
    openssl: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: version `OPENSSL_1_1_1' not found (required by openssl)
    
  2. 缺啥复制啥

    $ cd openssl-1.1.1c
    $ cp libcrypto.so.1.1 /usr/lib/x86_64-linux-gnu/
    $ cp libssl.so.1.1 /usr/lib/x86_64-linux-gnu/
    

再次碰到问题二

$ curl https://www.baidu.com
curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.
  • 卸载ca-certificates再重新安装(原因是前面的步骤中删除了/etc/ssl)
    $ apt-get remove -y ca-certificates    # 卸载
    $ apt-get install -y ca-certificates   # 安装
    

OK,以上就是碰到问题解决问题的过程

posted @ 2020-10-29 18:54  z417  阅读(888)  评论(0编辑  收藏  举报