我使用bazel将docker映像发布到gitlab regitry。上周,bazel命令开始失败。我能够将问题范围缩小到httplib2。
下面的代码示例可用于重现此问题。
import httplib
import httplib2
conn = httplib.HTTPSConnection("registry.gitlab.com")
conn.request("GET", "/")
r1 = conn.getresponse()
print r1.status, r1.reason
httplib2.Http().request('https://registry.gitlab.com')
上面的输出是:
200 OK
Traceback (most recent call last):
File "deleteMe.py", line 9, in <module>
httplib2.Http().request('https://registry.gitlab.com')
File "/Users/joint/Library/Python/2.7/lib/python/site-packages/httplib2/__init__.py", line 2135, in request
cachekey,
File "/Users/joint/Library/Python/2.7/lib/python/site-packages/httplib2/__init__.py", line 1796, in _request
conn, request_uri, method, body, headers
File "/Users/joint/Library/Python/2.7/lib/python/site-packages/httplib2/__init__.py", line 1701, in _conn_request
conn.connect()
File "/Users/joint/Library/Python/2.7/lib/python/site-packages/httplib2/__init__.py", line 1411, in connect
raise SSLHandshakeError(e)
httplib2.SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)
Wireshark中显示的错误是“描述:未知的CA(48)”
我尝试通过openssl验证gitlab证书,但看不到任何问题。
我尝试在httplib2定义中指定gitlab证书,但出现相同的错误。
h = httplib2.Http(ca_certs='./registrygitlabcom.crt')
h.request('https://registry.gitlab.com')
关于我应该做什么或尝试的任何指示...谢谢!
答案 0 :(得分:0)
我想我已经找到答案了。将其发布在这里,供可能遇到此问题的其他任何人使用。
httplib2使用的根证书来自cacerts.txt文件。 (https://github.com/httplib2/httplib2/blob/master/python2/httplib2/cacerts.txt)
registry.gitlab.com可能在上周切换了根CA,这已经引发了问题。