debian运行pip报错ssl module in Python is not available
写在前面
① 在debian 8上升级了Python 3.8.5
② 升级了openssl 1.1.1
问题描述
-
在运行pip命令时提示如下错误
pip is configured with locations that require TLS/SSL, however the ssl module in Python is not available. -
尝试了大神推荐的用如下方法重新编译安装python,发现并不能解决我碰到的问题
$ ./configure --prefix=/usr/local/python3.8.5 --with-sslprefix 选项用来指定python的安装路径
解决过程
下载openssl 1.1.1并安装
debian上是装了openssl的,但版本是 1.0.2,这里想升级下
-
备份老版本(若未安装可跳过)
$ which openssl # 找到openssl在哪 /usr/bin/openssl $ mv /usr/bin/openssl /usr/bin/openssl.bak && rm -rf /etc/ssl -
官网下载并解压
$ wget https://www.openssl.org/source/openssl-1.1.1c.tar.gz $ tar -zxf openssl-1.1.1g.tar.gz -
进入解压目录并安装
$ cd openssl-1.1.1g $ ./config --prefix=/usr/local/openssl $ make && make install -
创建软连接并复制到bin目录
$ ln -s /usr/local/openssl/bin/openssl /usr/local/bin/openssl $ cp -r /usr/local/bin/openssl /usr/bin/ $ openssl version OpenSSL 1.1.1g 21 Apr 2020
重新编译安装python
-
到python源码目录,按以下路径编辑Setup文件
$ cd Python-3.8.5 $ vi Modules/Setup -
查找定位到"_ssl"(约第211行),按如下内容修改(取消注释,修改路径)
SSL=/usr/local/openssl _ssl _ssl.c \ -DUSE_SSL -I$(SSL)/include -I$(SSL)/include/openssl \ -L$(SSL)/lib -lssl -lcrypto -
编译安装python(参见Linux python版本升级,从备份python2看起)
$ ./configure --prefix=/usr/local/python3.8 --with-openssl=/usr/local/openssl $ make && make install -
测试下是否安装成功
$ python3 Python 3.8.5 (default, Oct 23 2020, 05:46:43) [GCC 4.9.2] on linux Type "help", "copyright", "credits" or "license" for more information. >>> import ssl
再次碰到问题一
-
import ssl 时报错如下,提示对应路径下缺少文件
openssl: /usr/lib/x86_64-linux-gnu/libssl.so.1.1: version `OPENSSL_1_1_1' not found (required by openssl) openssl: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: version `OPENSSL_1_1_1' not found (required by openssl) -
缺啥复制啥
$ cd openssl-1.1.1c $ cp libcrypto.so.1.1 /usr/lib/x86_64-linux-gnu/ $ cp libssl.so.1.1 /usr/lib/x86_64-linux-gnu/
再次碰到问题二
$ curl https://www.baidu.com
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
- 卸载ca-certificates再重新安装(原因是前面的步骤中删除了/etc/ssl)
$ apt-get remove -y ca-certificates # 卸载 $ apt-get install -y ca-certificates # 安装
