2

I tried to install pybgpdump using pip but pip threw the error below. 

pip install pybgpdump
Downloading/unpacking pybgpdump
  You are installing a potentially insecure and unverifiable file. Future versions of pip will default to disallowing insecure files.
  Error <urlopen error [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed> while getting https://jon.oberheide.org/pybgpdump/downloads/pybgpdump-0.2.tar.gz (from https://jon.oberheide.org/pybgpdump/)
Cleaning up..

Why does pip try to verify the pybgpdump package?

What is the difference between a secure and insecure file?

Improve this question
1
  • Did you check my answer?
    – Ortomala Lokni
    Commented Dec 20, 2015 at 8:37

1 Answer 1

Reset to default
1

Because from pip version 1.3, https is the default protocol.

In CHANGES.txt:

**1.3 (2013-03-07)**

* SSL Cert Verification; Make https the default for PyPI access.
  Thanks James Cleveland, Giovanni Bajo, Marcus Smith and many others (:pull:`791`, CVE-2013-1629).

and because pybgpdump is hosted on an external server (https://jon.oberheide.org/pybgpdump/) and you don't have the right certificate installed.

Note also that the pypi package index hold only the version 0.1 of pybgpdump and the last version is 0.2

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.