所以我在dev_appserver.py本地运行我的Google端点。
我使用API资源管理器来测试应用程序。
我用来创建服务的代码,所以我可以调用API如下:
from apiclient.discovery import build
from oauth2client.client import GoogleCredentials
credentials = GoogleCredentials.get_application_default()
service = build('speech', 'v1beta1', credentials=credentials)
我收到SSL错误(无效和/或缺少SSL证书),即使我通过浏览器访问指定的URL时工作正常(即绿色挂锁显示)。
我不确定发生了什么变化,但不久前这种情况很好。
我尝试禁用SSL检查,但无法进行。
以下完整日志:
INFO 2017-01-02 03:12:02,724 discovery.py:267] URL being requested: GET https://www.googleapis.com/discovery/v1/apis/speech/v1beta1/rest?userIp=0.2.0.3
ERROR 2017-01-02 03:12:03,022 wsgi.py:263]
Traceback (most recent call last):
File "/home/vini/opt/google-cloud-sdk/platform/google_appengine/google/appengine/runtime/wsgi.py", line 240, in Handle
handler = _config_handle.add_wsgi_middleware(self._LoadHandler())
File "/home/vini/opt/google-cloud-sdk/platform/google_appengine/google/appengine/runtime/wsgi.py", line 299, in _LoadHandler
handler, path, err = LoadObject(self._handler)
File "/home/vini/opt/google-cloud-sdk/platform/google_appengine/google/appengine/runtime/wsgi.py", line 85, in LoadObject
obj = __import__(path[0])
File "/mnt/b117/home/vini/udacity/cerci-endpoint/api.py", line 28, in <module>
service = build('speech', 'v1beta1', credentials=credentials)
File "/mnt/b117/home/vini/udacity/cerci-endpoint/lib/oauth2client/_helpers.py", line 133, in positional_wrapper
return wrapped(*args, **kwargs)
File "/mnt/b117/home/vini/udacity/cerci-endpoint/lib/googleapiclient/discovery.py", line 222, in build
cache)
File "/mnt/b117/home/vini/udacity/cerci-endpoint/lib/googleapiclient/discovery.py", line 269, in _retrieve_discovery_doc
resp, content = http.request(actual_url)
File "/mnt/b117/home/vini/udacity/cerci-endpoint/lib/httplib2/__init__.py", line 1609, in request
(response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
File "/mnt/b117/home/vini/udacity/cerci-endpoint/lib/httplib2/__init__.py", line 1351, in _request
(response, content) = self._conn_request(conn, request_uri, method, body, headers)
File "/mnt/b117/home/vini/udacity/cerci-endpoint/lib/httplib2/__init__.py", line 1307, in _conn_request
response = conn.getresponse()
File "/home/vini/opt/google-cloud-sdk/platform/google_appengine/google/appengine/dist27/gae_override/httplib.py", line 532, in getresponse
raise HTTPException(str(e))
HTTPException: Invalid and/or missing SSL certificate for URL: https://www.googleapis.com/discovery/v1/apis/speech/v1beta1/rest?userIp=0.2.0.3
任何可能导致此问题的想法?
我是否必须“安装”或更新python使用的SSL证书?
答案 0 :(得分:26)
根据App Engine issue 13477,urlfetch_cacerts.txt / App Engine Python SDK中包含的gcloud-sdk中的某些证书似乎已过期2017-01-01。
作为临时解决方法,您可以将<your-cloud-sdk-path>/platform/google_appengine/lib/cacerts/urlfetch_cacerts.txt的内容替换为https://curl.haxx.se/ca/cacert.pem
答案 1 :(得分:0)
要建立@danielx对macOS上的回答,这对我有用。证书的路径是:
/Applications/GoogleAppEngineLauncher.app/Contents/Resources/GoogleAppEngine-default.bundle/Contents/Resources/google_appengine/lib/cacerts/urlfetch_cacerts.txt
要更新它,我使用了以下步骤:
cd /Applications/GoogleAppEngineLauncher.app/Contents/Resources/GoogleAppEngine-default.bundle/Contents/Resources/google_appengine/lib/cacerts
mv urlfetch_cacerts.txt urlfetch_cacerts.bup
curl -o urlfetch_cacerts.txt -k https://curl.haxx.se/ca/cacert.pem
如果您没有安装curl,您可以手动download证书并将其移至上面的文件夹。
如果App Engine开发服务器已在运行,请不要忘记重新启动它。
答案 2 :(得分:-1)
最近在2017年8月在本地开发环境中出现此错误。修复是更新所有urlfetch调用并强制验证证书:
urlfetch.fetch(url=url, validate_certificate=True)
没必要触摸gcloud证书(MacOS)。请参阅Issuing an HTTPS request。