如何为Github更新httplib2的cacerts.txt?

时间:2013-09-01 11:01:06

标签: python ssl httplib2

我正在尝试将Github API与httplib2一起使用。但是当我向它的端点发出请求时,它会给我以下错误:

import httplib2
h = httplib2.Http()
h.request('https://api.github.com/gists')
# OUT: Traceback (most recent call last):
# OUT:   File "<input>", line 1, in <module>
# OUT:   File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1570, in request
# OUT:     (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
# OUT:   File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1317, in _request
# OUT:     (response, content) = self._conn_request(conn, request_uri, method, body, headers)
# OUT:   File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1252, in _conn_request
# OUT:     conn.connect()
# OUT:   File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1044, in connect
# OUT:     raise SSLHandshakeError(e)
# OUT: SSLHandshakeError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

我可以使用以下解决方法:

h = httplib2.Http(disable_ssl_certificate_validation=True)
h.request('https://api.github.com/gists')
# OUT: ({'content-length': '58443' ...

但这仍然是一种解决方法,我想知道如何使用httplib2正确验证Github的SSL证书。搜索Google我发现我应该更新该库的cacerts.txt,但不知道如何获取Github的证书权限。或者有没有其他正确的方式通过https发送请求,没有证书验证问题?

2 个答案:

答案 0 :(得分:4)

UPD:最简单的方法是在Firefox中打开GitHub,查看页面信息 - &gt;安全 - &gt;查看证书 - &gt;详细信息 - &gt;出口 - &gt;作为PEM文件。而且最好使用请求。

根据Firefox提供的有关https连接的信息,我发现GitHub的证书是“DigiCert High Assurance EV Root CA”,可在此处找到:http://curl.haxx.se/ca/cacert.pem

证书文本可以粘贴到httplib2.__path__ + '/cacerts.txt',或者保存到单独的文件中,而不应该创建http连接:

h = httplib2.Http(ca_certs='/path/to/that/file')

Here is also useful post about this topic

答案 1 :(得分:0)

只需通过

更新httplib2包 
pip install --upgrade httplib2

或者你可以直接替换cacerts.txt这个文件 https://github.com/httplib2/httplib2/blob/master/python2/httplib2/cacerts.txt

如果您使用boto.txt文件,那么您可能会使用like boto.txt 

ca_certificates_file = /etc/ssl/certs/ca-bundle.crt <--- location of your system cert

或者您可以通过

指定您的httplib2 cacerts.txt文件 
ca_certificates_file = /usr/local/lib/python2.7/dist-packages/httplib2/python2/httplib2/cacerts.txt
相关问题
最新问题