Fixing HTTPS issues on old versions of OS X

[Wowfunhappy]

I've released a tiny update to this package. If the `Set Environment Variables` option is selected at install-time, an extra variable will be added: `REQUESTS_CA_BUNDLE`, set to `/Library/Squid/Certificates/squid.pem`.

Like the other two environment variables, this one is necessary for some (mostly unix-y) software to play nicely with the proxy. Python packages in particular (and thus Python-based apps) seem to need this.

 

[Wowfunhappy]

Sigh... heads up, getting modern Python 3 stuff to work with a mitm proxy is annoying.

If you don't set the `REQUESTS_CA_BUNDLE` environment variable to `/Library/Squid/Certificates/squid.pem`, anything which uses the `requests` package for https will break.

However, if you DO set the environment variable, pip will break. Pip works fine if `REQUESTS_CA_BUNDLE` is unset.

For now, if you're using Python, you'll need to always prepend REQUESTS_CA_BUNDLE="" to your pip command.

Examples:

REQUESTS_CA_BUNDLE="" pip install -r requirements.txt
REQUESTS_CA_BUNDLE="" pip install openai
REQUESTS_CA_BUNDLE="" pip install pygame==2.1.2

And so on. You get the idea.

I am interested in fixing this (in a way that does not involve special-casing specific software) but for the moment I'm stuck.

 

[f54da]

Why is that? Doesn't pip interally use requests? https://github.com/pypa/pip/blob/2b...rc/pip/_vendor/requests/sessions.py#L758-L772

 

[startergo]

original python 2.7.18 installer comes with certificate update script in the folder.

 

[Wowfunhappy]

Why is that? Doesn't pip interally use requests? https://github.com/pypa/pip/blob/2b...rc/pip/_vendor/requests/sessions.py#L758-L772

Great question, unfortunately I have no clue WTF python is doing. I lost several hours to this this morning before I ultimately had to leave to go teach a class, without making any headway. It's specifically the openai api I've been testing with, but that should be using `requests`.

original python 2.7.18 installer comes with certificate update script in the folder.

If you're using Python 2 I recommend just sticking with the copy built into the OS, it will make your life easier and it's capable of some extra stuff like from Quartz.CoreGraphics import *. Most software nowadays needs Python 3, which at least as of recent versions uses a built-in copy of OpenSSL instead of SecureTransport.

 

[startergo]

I installed both with pyenv. They can be switched globally.

 

[f54da]

>it will make your life easier and it's capable of some extra stuff like
You can get that by installing pyobjc iirc, but it's a bit of a pain to do and it's convenient that the system one has it out of the box.

>unfortunately I have no clue
Hm I'd just set some breakpoints in pip to see what it's trying to do. It doesn't make sense to me that setting REQUESTS_CA_BUNDLE would break it, but on the other hand I do see it does something with trying to parse that env variable (rather than just letting the library handle it), so maybe something about the format isn't what it's expecting.

 

[startergo]

Why is that? Doesn't pip interally use requests? https://github.com/pypa/pip/blob/2b...rc/pip/_vendor/requests/sessions.py#L758-L772

I found that requests are not installed by default so I did:

Spoiler: Requests

python -m pip install requests


Collecting requests


  Obtaining dependency information for requests from https://files.pythonhosted.org/packages/70/8e/0e2d847013cb52cd35b38c009bb167a1a26b2ce6cd6965bf26b47bc0bf44/requests-2.31.0-py3-none-any.whl.metadata


  Downloading requests-2.31.0-py3-none-any.whl.metadata (4.6 kB)


Collecting charset-normalizer<4,>=2 (from requests)


  Obtaining dependency information for charset-normalizer<4,>=2 from https://files.pythonhosted.org/packages/d3/46/76bf2f07edb024c891b1c66d6f3f709093deec314f78307662bb83a33390/charset_normalizer-3.3.0-cp311-cp311-macosx_10_9_x86_64.whl.metadata


  Downloading charset_normalizer-3.3.0-cp311-cp311-macosx_10_9_x86_64.whl.metadata (32 kB)


Collecting idna<4,>=2.5 (from requests)


  Downloading idna-3.4-py3-none-any.whl (61 kB)


     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 61.5/61.5 kB 6.0 MB/s eta 0:00:00


Collecting urllib3<3,>=1.21.1 (from requests)


  Obtaining dependency information for urllib3<3,>=1.21.1 from https://files.pythonhosted.org/packages/37/dc/399e63f5d1d96bb643404ee830657f4dfcf8503f5ba8fa3c6d465d0c57fe/urllib3-2.0.5-py3-none-any.whl.metadata


  Downloading urllib3-2.0.5-py3-none-any.whl.metadata (6.6 kB)


Collecting certifi>=2017.4.17 (from requests)


  Obtaining dependency information for certifi>=2017.4.17 from https://files.pythonhosted.org/packages/4c/dd/2234eab22353ffc7d94e8d13177aaa050113286e93e7b40eae01fbf7c3d9/certifi-2023.7.22-py3-none-any.whl.metadata


  Downloading certifi-2023.7.22-py3-none-any.whl.metadata (2.2 kB)


Downloading requests-2.31.0-py3-none-any.whl (62 kB)


   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 62.6/62.6 kB 7.8 MB/s eta 0:00:00


Downloading certifi-2023.7.22-py3-none-any.whl (158 kB)


   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 158.3/158.3 kB 8.5 MB/s eta 0:00:00


Downloading charset_normalizer-3.3.0-cp311-cp311-macosx_10_9_x86_64.whl (118 kB)


   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 118.7/118.7 kB 13.6 MB/s eta 0:00:00


Downloading urllib3-2.0.5-py3-none-any.whl (123 kB)


   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 123.8/123.8 kB 12.3 MB/s eta 0:00:00


Installing collected packages: urllib3, idna, charset-normalizer, certifi, requests


Successfully installed certifi-2023.7.22 charset-normalizer-3.3.0 idna-3.4 requests-2.31.0 urllib3-2.0.5


Maverickss-Mac:~ mavericks$ pip install openai


Collecting openai


  Obtaining dependency information for openai from https://files.pythonhosted.org/packages/1e/9f/385c25502f437686e4aa715969e5eaf5c2cb5e5ffa7c5cdd52f3c6ae967a/openai-0.28.1-py3-none-any.whl.metadata


  Downloading openai-0.28.1-py3-none-any.whl.metadata (11 kB)


Requirement already satisfied: requests>=2.20 in ./.pyenv/versions/3.11.5/lib/python3.11/site-packages (from openai) (2.31.0)


Collecting tqdm (from openai)


  Obtaining dependency information for tqdm from https://files.pythonhosted.org/packages/00/e5/f12a80907d0884e6dff9c16d0c0114d81b8cd07dc3ae54c5e962cc83037e/tqdm-4.66.1-py3-none-any.whl.metadata


  Downloading tqdm-4.66.1-py3-none-any.whl.metadata (57 kB)


     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 57.6/57.6 kB 2.1 MB/s eta 0:00:00


Collecting aiohttp (from openai)


  Obtaining dependency information for aiohttp from https://files.pythonhosted.org/packages/64/04/9ef622ccb6b340b3b53812e19f1658311614889452258eff91f6c9e1a1d9/aiohttp-3.8.5-cp311-cp311-macosx_10_9_x86_64.whl.metadata


  Downloading aiohttp-3.8.5-cp311-cp311-macosx_10_9_x86_64.whl.metadata (7.7 kB)


Requirement already satisfied: charset-normalizer<4,>=2 in ./.pyenv/versions/3.11.5/lib/python3.11/site-packages (from requests>=2.20->openai) (3.3.0)


Requirement already satisfied: idna<4,>=2.5 in ./.pyenv/versions/3.11.5/lib/python3.11/site-packages (from requests>=2.20->openai) (3.4)


Requirement already satisfied: urllib3<3,>=1.21.1 in ./.pyenv/versions/3.11.5/lib/python3.11/site-packages (from requests>=2.20->openai) (2.0.5)


Requirement already satisfied: certifi>=2017.4.17 in ./.pyenv/versions/3.11.5/lib/python3.11/site-packages (from requests>=2.20->openai) (2023.7.22)


Collecting attrs>=17.3.0 (from aiohttp->openai)


  Downloading attrs-23.1.0-py3-none-any.whl (61 kB)


     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 61.2/61.2 kB 4.4 MB/s eta 0:00:00


Collecting multidict<7.0,>=4.5 (from aiohttp->openai)


  Downloading multidict-6.0.4-cp311-cp311-macosx_10_9_x86_64.whl (29 kB)


Collecting async-timeout<5.0,>=4.0.0a3 (from aiohttp->openai)


  Obtaining dependency information for async-timeout<5.0,>=4.0.0a3 from https://files.pythonhosted.org/packages/a7/fa/e01228c2938de91d47b307831c62ab9e4001e747789d0b05baf779a6488c/async_timeout-4.0.3-py3-none-any.whl.metadata


  Downloading async_timeout-4.0.3-py3-none-any.whl.metadata (4.2 kB)


Collecting yarl<2.0,>=1.0 (from aiohttp->openai)


  Downloading yarl-1.9.2-cp311-cp311-macosx_10_9_x86_64.whl (64 kB)


     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 64.4/64.4 kB 3.1 MB/s eta 0:00:00


Collecting frozenlist>=1.1.1 (from aiohttp->openai)


  Obtaining dependency information for frozenlist>=1.1.1 from https://files.pythonhosted.org/packages/1d/29/1a30aedecf5b6542f1dba92383352ccb35a3affcdf94bc5b2917dc95ce3b/frozenlist-1.4.0-cp311-cp311-macosx_10_9_x86_64.whl.metadata


  Downloading frozenlist-1.4.0-cp311-cp311-macosx_10_9_x86_64.whl.metadata (5.2 kB)


Collecting aiosignal>=1.1.2 (from aiohttp->openai)


  Downloading aiosignal-1.3.1-py3-none-any.whl (7.6 kB)


Downloading openai-0.28.1-py3-none-any.whl (76 kB)


   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 77.0/77.0 kB 4.1 MB/s eta 0:00:00


Downloading aiohttp-3.8.5-cp311-cp311-macosx_10_9_x86_64.whl (362 kB)


   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 362.6/362.6 kB 3.6 MB/s eta 0:00:00


Downloading tqdm-4.66.1-py3-none-any.whl (78 kB)


   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 78.3/78.3 kB 5.7 MB/s eta 0:00:00


Downloading async_timeout-4.0.3-py3-none-any.whl (5.7 kB)


Downloading frozenlist-1.4.0-cp311-cp311-macosx_10_9_x86_64.whl (47 kB)


   ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 47.7/47.7 kB 5.8 MB/s eta 0:00:00


Installing collected packages: tqdm, multidict, frozenlist, attrs, async-timeout, yarl, aiosignal, aiohttp, openai


Successfully installed aiohttp-3.8.5 aiosignal-1.3.1 async-timeout-4.0.3 attrs-23.1.0 frozenlist-1.4.0 multidict-6.0.4 openai-0.28.1 tqdm-4.66.1 yarl-1.9.2

This is in Mavericks, but I am not using squid I just updated the certificates exported from a newer machine:

sudo ./trustroot rootcerts.pem

 

[Wowfunhappy]

This is in Mavericks, but I am not using squid I just updated the certificates exported from a newer machine.

Please do whatever works for you, but just an FYI this isn't sufficient when servers require modern cipher suites. That's why the proxy exists. One straightforward example is accessing Wikipedia from the Dictionary app.

 

[startergo]

Please do whatever works for you, but just an FYI this isn't sufficient when servers require modern cipher suites. That's why the proxy exists. One straightforward example is accessing Wikipedia from the Dictionary app.

I am somewhat confused. Please clarify as I am trying to replicate the error. I just installed the proxy and:

Spoiler: Install openai

python -m pip install requests
Collecting requests
  Obtaining dependency information for requests from https://files.pythonhosted.org/packages/70/8e/0e2d847013cb52cd35b38c009bb167a1a26b2ce6cd6965bf26b47bc0bf44/requests-2.31.0-py3-none-any.whl.metadata
  Using cached requests-2.31.0-py3-none-any.whl.metadata (4.6 kB)
Collecting charset-normalizer<4,>=2 (from requests)
  Obtaining dependency information for charset-normalizer<4,>=2 from https://files.pythonhosted.org/packages/d3/46/76bf2f07edb024c891b1c66d6f3f709093deec314f78307662bb83a33390/charset_normalizer-3.3.0-cp311-cp311-macosx_10_9_x86_64.whl.metadata
  Using cached charset_normalizer-3.3.0-cp311-cp311-macosx_10_9_x86_64.whl.metadata (32 kB)
Collecting idna<4,>=2.5 (from requests)
  Using cached idna-3.4-py3-none-any.whl (61 kB)
Collecting urllib3<3,>=1.21.1 (from requests)
  Obtaining dependency information for urllib3<3,>=1.21.1 from https://files.pythonhosted.org/packages/37/dc/399e63f5d1d96bb643404ee830657f4dfcf8503f5ba8fa3c6d465d0c57fe/urllib3-2.0.5-py3-none-any.whl.metadata
  Using cached urllib3-2.0.5-py3-none-any.whl.metadata (6.6 kB)
Collecting certifi>=2017.4.17 (from requests)
  Obtaining dependency information for certifi>=2017.4.17 from https://files.pythonhosted.org/packages/4c/dd/2234eab22353ffc7d94e8d13177aaa050113286e93e7b40eae01fbf7c3d9/certifi-2023.7.22-py3-none-any.whl.metadata
  Using cached certifi-2023.7.22-py3-none-any.whl.metadata (2.2 kB)
Using cached requests-2.31.0-py3-none-any.whl (62 kB)
Using cached certifi-2023.7.22-py3-none-any.whl (158 kB)
Using cached charset_normalizer-3.3.0-cp311-cp311-macosx_10_9_x86_64.whl (118 kB)
Using cached urllib3-2.0.5-py3-none-any.whl (123 kB)
Installing collected packages: urllib3, idna, charset-normalizer, certifi, requests
Successfully installed certifi-2023.7.22 charset-normalizer-3.3.0 idna-3.4 requests-2.31.0 urllib3-2.0.5
Maverickss-Mac:~ mavericks$ pip install openai
Collecting openai
  Obtaining dependency information for openai from https://files.pythonhosted.org/packages/1e/9f/385c25502f437686e4aa715969e5eaf5c2cb5e5ffa7c5cdd52f3c6ae967a/openai-0.28.1-py3-none-any.whl.metadata
  Using cached openai-0.28.1-py3-none-any.whl.metadata (11 kB)
Requirement already satisfied: requests>=2.20 in ./.pyenv/versions/3.11.5/lib/python3.11/site-packages (from openai) (2.31.0)
Collecting tqdm (from openai)
  Obtaining dependency information for tqdm from https://files.pythonhosted.org/packages/00/e5/f12a80907d0884e6dff9c16d0c0114d81b8cd07dc3ae54c5e962cc83037e/tqdm-4.66.1-py3-none-any.whl.metadata
  Using cached tqdm-4.66.1-py3-none-any.whl.metadata (57 kB)
Collecting aiohttp (from openai)
  Obtaining dependency information for aiohttp from https://files.pythonhosted.org/packages/64/04/9ef622ccb6b340b3b53812e19f1658311614889452258eff91f6c9e1a1d9/aiohttp-3.8.5-cp311-cp311-macosx_10_9_x86_64.whl.metadata
  Using cached aiohttp-3.8.5-cp311-cp311-macosx_10_9_x86_64.whl.metadata (7.7 kB)
Requirement already satisfied: charset-normalizer<4,>=2 in ./.pyenv/versions/3.11.5/lib/python3.11/site-packages (from requests>=2.20->openai) (3.3.0)
Requirement already satisfied: idna<4,>=2.5 in ./.pyenv/versions/3.11.5/lib/python3.11/site-packages (from requests>=2.20->openai) (3.4)
Requirement already satisfied: urllib3<3,>=1.21.1 in ./.pyenv/versions/3.11.5/lib/python3.11/site-packages (from requests>=2.20->openai) (2.0.5)
Requirement already satisfied: certifi>=2017.4.17 in ./.pyenv/versions/3.11.5/lib/python3.11/site-packages (from requests>=2.20->openai) (2023.7.22)
Collecting attrs>=17.3.0 (from aiohttp->openai)
  Using cached attrs-23.1.0-py3-none-any.whl (61 kB)
Collecting multidict<7.0,>=4.5 (from aiohttp->openai)
  Using cached multidict-6.0.4-cp311-cp311-macosx_10_9_x86_64.whl (29 kB)
Collecting async-timeout<5.0,>=4.0.0a3 (from aiohttp->openai)
  Obtaining dependency information for async-timeout<5.0,>=4.0.0a3 from https://files.pythonhosted.org/packages/a7/fa/e01228c2938de91d47b307831c62ab9e4001e747789d0b05baf779a6488c/async_timeout-4.0.3-py3-none-any.whl.metadata
  Using cached async_timeout-4.0.3-py3-none-any.whl.metadata (4.2 kB)
Collecting yarl<2.0,>=1.0 (from aiohttp->openai)
  Using cached yarl-1.9.2-cp311-cp311-macosx_10_9_x86_64.whl (64 kB)
Collecting frozenlist>=1.1.1 (from aiohttp->openai)
  Obtaining dependency information for frozenlist>=1.1.1 from https://files.pythonhosted.org/packages/1d/29/1a30aedecf5b6542f1dba92383352ccb35a3affcdf94bc5b2917dc95ce3b/frozenlist-1.4.0-cp311-cp311-macosx_10_9_x86_64.whl.metadata
  Using cached frozenlist-1.4.0-cp311-cp311-macosx_10_9_x86_64.whl.metadata (5.2 kB)
Collecting aiosignal>=1.1.2 (from aiohttp->openai)
  Using cached aiosignal-1.3.1-py3-none-any.whl (7.6 kB)
Using cached openai-0.28.1-py3-none-any.whl (76 kB)
Using cached aiohttp-3.8.5-cp311-cp311-macosx_10_9_x86_64.whl (362 kB)
Using cached tqdm-4.66.1-py3-none-any.whl (78 kB)
Using cached async_timeout-4.0.3-py3-none-any.whl (5.7 kB)
Using cached frozenlist-1.4.0-cp311-cp311-macosx_10_9_x86_64.whl (47 kB)
Installing collected packages: tqdm, multidict, frozenlist, attrs, async-timeout, yarl, aiosignal, aiohttp, openai
Successfully installed aiohttp-3.8.5 aiosignal-1.3.1 async-timeout-4.0.3 attrs-23.1.0 frozenlist-1.4.0 multidict-6.0.4 openai-0.28.1 tqdm-4.66.1 yarl-1.9.2
Maverickss-Mac:~ mavericks$

 

[Wowfunhappy]

I am somewhat confused. Please clarify as I am trying to replicate the error. I just installed the proxy and:

Spoiler: Install openai

python -m pip install requests
Collecting requests
  Obtaining dependency information for requests from https://files.pythonhosted.org/packages/70/8e/0e2d847013cb52cd35b38c009bb167a1a26b2ce6cd6965bf26b47bc0bf44/requests-2.31.0-py3-none-any.whl.metadata
  Using cached requests-2.31.0-py3-none-any.whl.metadata (4.6 kB)
Collecting charset-normalizer<4,>=2 (from requests)
  Obtaining dependency information for charset-normalizer<4,>=2 from https://files.pythonhosted.org/packages/d3/46/76bf2f07edb024c891b1c66d6f3f709093deec314f78307662bb83a33390/charset_normalizer-3.3.0-cp311-cp311-macosx_10_9_x86_64.whl.metadata
  Using cached charset_normalizer-3.3.0-cp311-cp311-macosx_10_9_x86_64.whl.metadata (32 kB)
Collecting idna<4,>=2.5 (from requests)
  Using cached idna-3.4-py3-none-any.whl (61 kB)
Collecting urllib3<3,>=1.21.1 (from requests)
  Obtaining dependency information for urllib3<3,>=1.21.1 from https://files.pythonhosted.org/packages/37/dc/399e63f5d1d96bb643404ee830657f4dfcf8503f5ba8fa3c6d465d0c57fe/urllib3-2.0.5-py3-none-any.whl.metadata
  Using cached urllib3-2.0.5-py3-none-any.whl.metadata (6.6 kB)
Collecting certifi>=2017.4.17 (from requests)
  Obtaining dependency information for certifi>=2017.4.17 from https://files.pythonhosted.org/packages/4c/dd/2234eab22353ffc7d94e8d13177aaa050113286e93e7b40eae01fbf7c3d9/certifi-2023.7.22-py3-none-any.whl.metadata
  Using cached certifi-2023.7.22-py3-none-any.whl.metadata (2.2 kB)
Using cached requests-2.31.0-py3-none-any.whl (62 kB)
Using cached certifi-2023.7.22-py3-none-any.whl (158 kB)
Using cached charset_normalizer-3.3.0-cp311-cp311-macosx_10_9_x86_64.whl (118 kB)
Using cached urllib3-2.0.5-py3-none-any.whl (123 kB)
Installing collected packages: urllib3, idna, charset-normalizer, certifi, requests
Successfully installed certifi-2023.7.22 charset-normalizer-3.3.0 idna-3.4 requests-2.31.0 urllib3-2.0.5
Maverickss-Mac:~ mavericks$ pip install openai
Collecting openai
  Obtaining dependency information for openai from https://files.pythonhosted.org/packages/1e/9f/385c25502f437686e4aa715969e5eaf5c2cb5e5ffa7c5cdd52f3c6ae967a/openai-0.28.1-py3-none-any.whl.metadata
  Using cached openai-0.28.1-py3-none-any.whl.metadata (11 kB)
Requirement already satisfied: requests>=2.20 in ./.pyenv/versions/3.11.5/lib/python3.11/site-packages (from openai) (2.31.0)
Collecting tqdm (from openai)
  Obtaining dependency information for tqdm from https://files.pythonhosted.org/packages/00/e5/f12a80907d0884e6dff9c16d0c0114d81b8cd07dc3ae54c5e962cc83037e/tqdm-4.66.1-py3-none-any.whl.metadata
  Using cached tqdm-4.66.1-py3-none-any.whl.metadata (57 kB)
Collecting aiohttp (from openai)
  Obtaining dependency information for aiohttp from https://files.pythonhosted.org/packages/64/04/9ef622ccb6b340b3b53812e19f1658311614889452258eff91f6c9e1a1d9/aiohttp-3.8.5-cp311-cp311-macosx_10_9_x86_64.whl.metadata
  Using cached aiohttp-3.8.5-cp311-cp311-macosx_10_9_x86_64.whl.metadata (7.7 kB)
Requirement already satisfied: charset-normalizer<4,>=2 in ./.pyenv/versions/3.11.5/lib/python3.11/site-packages (from requests>=2.20->openai) (3.3.0)
Requirement already satisfied: idna<4,>=2.5 in ./.pyenv/versions/3.11.5/lib/python3.11/site-packages (from requests>=2.20->openai) (3.4)
Requirement already satisfied: urllib3<3,>=1.21.1 in ./.pyenv/versions/3.11.5/lib/python3.11/site-packages (from requests>=2.20->openai) (2.0.5)
Requirement already satisfied: certifi>=2017.4.17 in ./.pyenv/versions/3.11.5/lib/python3.11/site-packages (from requests>=2.20->openai) (2023.7.22)
Collecting attrs>=17.3.0 (from aiohttp->openai)
  Using cached attrs-23.1.0-py3-none-any.whl (61 kB)
Collecting multidict<7.0,>=4.5 (from aiohttp->openai)
  Using cached multidict-6.0.4-cp311-cp311-macosx_10_9_x86_64.whl (29 kB)
Collecting async-timeout<5.0,>=4.0.0a3 (from aiohttp->openai)
  Obtaining dependency information for async-timeout<5.0,>=4.0.0a3 from https://files.pythonhosted.org/packages/a7/fa/e01228c2938de91d47b307831c62ab9e4001e747789d0b05baf779a6488c/async_timeout-4.0.3-py3-none-any.whl.metadata
  Using cached async_timeout-4.0.3-py3-none-any.whl.metadata (4.2 kB)
Collecting yarl<2.0,>=1.0 (from aiohttp->openai)
  Using cached yarl-1.9.2-cp311-cp311-macosx_10_9_x86_64.whl (64 kB)
Collecting frozenlist>=1.1.1 (from aiohttp->openai)
  Obtaining dependency information for frozenlist>=1.1.1 from https://files.pythonhosted.org/packages/1d/29/1a30aedecf5b6542f1dba92383352ccb35a3affcdf94bc5b2917dc95ce3b/frozenlist-1.4.0-cp311-cp311-macosx_10_9_x86_64.whl.metadata
  Using cached frozenlist-1.4.0-cp311-cp311-macosx_10_9_x86_64.whl.metadata (5.2 kB)
Collecting aiosignal>=1.1.2 (from aiohttp->openai)
  Using cached aiosignal-1.3.1-py3-none-any.whl (7.6 kB)
Using cached openai-0.28.1-py3-none-any.whl (76 kB)
Using cached aiohttp-3.8.5-cp311-cp311-macosx_10_9_x86_64.whl (362 kB)
Using cached tqdm-4.66.1-py3-none-any.whl (78 kB)
Using cached async_timeout-4.0.3-py3-none-any.whl (5.7 kB)
Using cached frozenlist-1.4.0-cp311-cp311-macosx_10_9_x86_64.whl (47 kB)
Installing collected packages: tqdm, multidict, frozenlist, attrs, async-timeout, yarl, aiosignal, aiohttp, openai
Successfully installed aiohttp-3.8.5 aiosignal-1.3.1 async-timeout-4.0.3 attrs-23.1.0 frozenlist-1.4.0 multidict-6.0.4 openai-0.28.1 tqdm-4.66.1 yarl-1.9.2
Maverickss-Mac:~ mavericks$

Did you enable the environment variables option while installing the proxy? It's selected by default, but optional.

If you did, did you reboot before testing Python? (You should only need to restart your session or terminal emulator, but a full-on reboot is foolproof.)

If yes to both of the above, can you please share the output of each of the below commands?

python --version
echo $HTTPS_PROXY
echo $SSL_CERT_FILE
echo $REQUESTS_CA_BUNDLE
cat /etc/launchd.conf

And also, where did you install Python from? I'll admit I built my copy of python3 from source so maybe this is just an issue with my local copy—that would be a big relief, actually—but it seems unlikely as it was a pretty vanilla build.

Thanks!

 

[startergo]

Did you enable the environment variables option while installing the proxy? It's selected by default, but optional.

If you did, did you reboot before testing Python? (You should only need to restart your session or terminal emulator, but a full-on reboot is foolproof.)

If yes to both of the above, can you please share the output of each of the below commands?

python --version
echo $HTTPS_PROXY
echo $SSL_CERT_FILE
echo $REQUESTS_CA_BUNDLE
cat /etc/launchd.conf

And also, where did you install Python from? I'll admit I built my copy of python3 from source so maybe this is just an issue with my local copy—that would be a big relief, actually—but it seems unlikely as it was a pretty vanilla build.

Thanks!

Yes, when rebooted I faced the same error. It only worked again after I uninstalled the proxy.

Could not fetch URL https://pypi.org/simple/openai/: There was a problem confirming the ssl certificate: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/openai/ (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1006)'))) - skipping
ERROR: Could not find a version that satisfies the requirement openai (from versions: none)
ERROR: No matching distribution found for openai

 

[f54da]

Fyi apparently PIP_CERT is an env var that can be used. But seems there are issues with that? https://bugs.launchpad.net/devstack/+bug/1655881 I can't even find where in the code PIP_CERT is even used.

Another magic var seems to be _PIP_STANDALONE_CERT

I'd place some prints in https://github.com/pypa/pip/blob/ff...rc/pip/_vendor/requests/adapters.py#L247-L266 and see what's going on there...

 

[startergo]

If you don't set the REQUESTS_CA_BUNDLE environment variable to /Library/Squid/Certificates/squid.pem, anything which uses the requests package for https will break.

Based on your suggestion I set my exported certificates from a supported macOS like this:

REQUESTS_CA_BUNDLE="/Users/mavericks/Desktop"

And everything works now.

python --version
Python 3.11.5
echo $HTTPS_PROXY
http://localhost:3128
echo $SSL_CERT_FILE
/Library/Squid/Certificates/squid.pem
echo $REQUESTS_CA_BUNDLE
/Users/mavericks/Desktop
cat /etc/launchd.conf
setenv HTTPS_PROXY http://localhost:3128
setenv SSL_CERT_FILE /Library/Squid/Certificates/squid.pem
setenv REQUESTS_CA_BUNDLE /Library/Squid/Certificates/squid.pem

Is the problem in the squid.pem? Can it be replaced?

 

[startergo]

Stopped working. Not consistent.

 

[startergo]

macOS, iOS etc​

Some operating systems hold onto the expired R3 > DST Root CA X3 chain even if your server is no longer using it. Try a restart of the affected client device.

For older macOS not updated by Apple:

• Download the ISRG Root X1 certificate file from http://x1.i.lencr.org/
• Open the Keychain Access app and drag that file into the System folder of that app.
• Find the ISRG Root X1 certificate in System and double click on it, open the Trust menu and change "Use System Defaults" to "Always Trust", then close that and enter your password to confirm the change (if prompted).

Let's Encrypt DST Root CA X3 expiry Sept 30th 2021 | Certify The Web Docs

Certificate trust mainly relies on the "root" issuing certificate (and intermediate certificates) being trusted by your computer.

docs.certifytheweb.com

El Capitan and older Mac OS X are about to have a security certificate problem

If you’re still running El Capitan, or any version of Mac OS X prior to 10.12.1, then you’re about to run into problems with some popular security certificates. The reason, explained in…

eclecticlight.co

 

[Wowfunhappy]

Let's Encrypt DST Root CA X3 expiry Sept 30th 2021 | Certify The Web Docs

Certificate trust mainly relies on the "root" issuing certificate (and intermediate certificates) being trusted by your computer.

docs.certifytheweb.com

El Capitan and older Mac OS X are about to have a security certificate problem

If you’re still running El Capitan, or any version of Mac OS X prior to 10.12.1, then you’re about to run into problems with some popular security certificates. The reason, explained in…

eclecticlight.co

Yep, it's a good idea to install ISRG Root X1! However, this doesn't in itself resolve most problems; having up-to-date certificates isn't useful if your Mac doesn't support the cipher suites needed by most servers.

 

[Wowfunhappy]

Options to consider include:

• Set up your VPN at the router level. (Or set up Squid at the router level, but putting the VPN there is likely easier, especially if you always connect to the internet via a VPN.)
• Choose a VPN provider that supports the L2TP protocol natively supported by legacy OS X. (Or the PPTP protocol which is also supported, but apparently PPTP has legitimate security issues.)
  • I don't know for sure that this will work, however if you set up a VPN as a network interface in System Preferences, you can add an HTTPS proxy to that interface just like any other. Hard to believe OS X would ignore that. As a very occasional VPN user myself, I'm personally planning to do this in the fall, when my current subscription expires.

I wanted to follow up on the discussion regarding VPNs.

Since October, I have been using privatevpn.com, which supports connecting via the older L2TP protocol. This allows me to add PrivateVPN as a Network Interface in System Preferences on Mavericks, and connect without any third-party VPN software.

You can add a proxy to this network interface the same as any other (Advanced → Proxies → Secure Web Proxy), and everything works as you would expect. As a result, if you need a VPN on legacy OS X I recommend looking at PrivateVPN.

(Because sleazy marketing tactics are common in the VPN world, I want to make extra clear that I have zero stake in whether you subscribe to PrivateVPN or any other VPN. Note that the above post contains zero links, affiliate or otherwise. I also do not believe most of the privacy claims these services make; I consider them useful in specific situations such as on public wifi networks.)

 

[Wowfunhappy]

I have updated the Proxy package to fix a bug in the Dictionary app. While I was at it, I also updated the root Mozilla CA certificates, which needs to be done once every few years or so. Please redownload from the normal link.

 

[f54da]

> to fix a bug in the Dictionary app

Was the fix for dictionary not using proxies never previously included as part of the package, or is this a new bug?

 

[Wowfunhappy]

> to fix a bug in the Dictionary app

Was the fix for dictionary not using proxies never previously included as part of the package, or is this a new bug?

ProxyFix now unsets the DYLD_INSERT_LIBRARIES environment variable after loading, to fix the issue with printing and then opening the PDF in Preview.