I'm trying to install emsdk under Windows according to instructions there. I use Windows (10.0.19045.2728 freshly installed and updated, in a VM with open internet access). I install Python 3.11.3 (as admin with "Add python.exe to PATH"), download emsdk 2023-04-03 and unzip that to an emsdk folder, and in a cmd.exe prompt do
> emsdk install latest
Resolving SDK alias 'latest' to '3.1.35'
Resolving SDK version '3.1.35' to 'sdk-releases-671550b5bdceee7bdb21493714f9a815aa5149a9-64bit'
Installing SDK 'sdk-releases-671550b5bdceee7bdb21493714f9a815aa5149a9-64bit'..
Installing tool 'node-14.18.2-64bit'..
Error: Downloading URL 'https://storage.googleapis.com/webassembly/emscripten-releases-builds/deps/node-v14.18.2-win-x64.zip': <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1002)>
Warning: Possibly SSL/TLS issue. Update or install Python SSL root certificates (2048-bit or greater) supplied in Python folder or https://pypi.org/project/certifi/ and try again.
error: installation failed!
What am I missing?
I tried
pip install certifi
(that succeeds, but does not cure it)python emsdk.py install latest
(no change)Ugly workaround: I successfully inserted this kludge in emsdk.py
at start of download_file
if url.startswith("https://storage.googleapis.com/"): # TODO fix/remove me
url = "http"+url[5:] # change https to http # TODO fix/remove me
Kudos to yolw: running their powershell script fixes it for good! Slightly edited:
# This seems to update the machine cert store so that python can download the files as required by emscripten's install
$WebsiteURL="storage.googleapis.com"
Try {
$Conn = New-Object System.Net.Sockets.TcpClient($WebsiteURL,443)
Try {
$Stream = New-Object System.Net.Security.SslStream($Conn.GetStream())
$Stream.AuthenticateAsClient($WebsiteURL)
$Cert = $Stream.Get_RemoteCertificate()
$ValidTo = [datetime]::Parse($Cert.GetExpirationDatestring())
Write-Host "`nConnection Successfull" -ForegroundColor DarkGreen
Write-Host "Website: $WebsiteURL"
Write-Host "ValidTo: $ValidTo"
}
Catch { Throw $_ }
Finally { $Conn.close() }
}
Catch {
Write-Host "`nError occurred connecting to $($WebsiteURL)" -ForegroundColor Yellow
Write-Host "Website: $WebsiteURL"
Write-Host "Status:" $_.exception.innerexception.message -ForegroundColor Yellow
Write-Host ""
}
To get this saved as update-machine-certs.ps1
running, I needed to issue
Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope CurrentUser
that I undid with
Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope CurrentUser
The output was
Connection Successfull
Website: storage.googleapis.com
ValidTo: 06/12/2023 10:29:06