禁用errbot证书验证

时间:2017-01-28 21:26:07

标签: errbot

由于ssl证书无效,我很难尝试将errbot连接到dev HipChat服务器。

日志:

21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: ssl_cert
21:16:01 ERROR    sleekxmpp.xmlstream.xmlst Could not match certficate against hostname: chat.btf.hipchat.com
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: session_end
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: disconnected
21:16:01 INFO     errbot.core               Disconnect callback, deactivating all the plugins.
21:16:01 DEBUG    sleekxmpp.thirdparty.stat  ==== TRANSITION connected -> disconnected
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst SEND (IMMED): <stream:stream to='chat.btf.hipchat.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 WARNING  sleekxmpp.xmlstream.xmlst Failed to send b"<stream:stream to='chat.btf.hipchat.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>"
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: session_end
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: disconnected
21:16:01 INFO     errbot.core               Disconnect callback, deactivating all the plugins.
21:16:01 DEBUG    sleekxmpp.thirdparty.stat  ==== TRANSITION connected -> disconnected
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 ERROR    sleekxmpp.xmlstream.xmlst Socket Error #9: Bad file descriptor

即使我指定了&#34;&#39;验证&#39;:错误&#34; Errbot仍保持验证证书。在BOT_IDENTITY中以及配置中的XMPP_CA_CERT_FILE =无。

配置的一部分:

BOT_IDENTITY = {
    ## HipChat mode (Comment the above if using this mode)
    'username' : '1_2@chat.btf.hipchat.com',
    'password' : '123qweASD',
    ## Group admins can create/view tokens on the settings page after logging
    ## in on HipChat's website
    'token'    : 'sometoken',
    ## If you're using HipChat server (self-hosted HipChat) then you should set
    ## the endpoint below. If you don't use HipChat server but use the hosted version
    ## of HipChat then you may leave this commented out.
    'endpoint' : 'hipchat.test.intra',
    'verify': False,
}
XMPP_CA_CERT_FILE = None

非常感谢任何有关如何使其发挥作用的想法。

1 个答案:

答案 0 :(得分:0)

此错误的来源发生在verify函数中,该函数验证证书在主机名和有效日期方面是否有效。

在errbot配置中设置的XMPP_CA_CERT_FILE的值最终会传递到XMLStream类中的ca_certs,用于影响cert_policy。这设置了ssl.CERT_NONE,但即便如此,still calls verify

这意味着您目前可以拥有一个没有有效信任根的(可能是自签名)证书,但您仍需要确保您连接的主机名与证书的主机名(CN)相匹配。 (这是SleekXMPP,errbot使用的底层XMPP库对我们造成的,而不是直接来自errbot本身的东西)。

相关问题
最新问题