当我执行 google-ads python 示例代码时,出现以下错误
DEBUG:google.auth.transport.requests:Making request: POST https://accounts.google.com/o/oauth2/token
DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): accounts.google.com:443
DEBUG:urllib3.connectionpool:https://accounts.google.com:443 "POST /o/oauth2/token HTTP/1.1" 200 None
E0421 09:57:53.365121806 21019 ssl_transport_security.cc:1455] Handshake failed with fatal error SSL_ERROR_SSL: error:1000007d:SSL routines:OPENSSL_internal:CERTIFICATE_VERIFY_FAILED.
INFO:google.ads.googleads.client:Request
-------
Method: /google.ads.googleads.v6.services.GoogleAdsService/SearchStream
Host: googleads.googleapis.com
Headers: {
"developer-token": "REDACTED",
"x-goog-api-client": "gl-python/3.8.6 grpc/1.37.0 gax/1.26.3",
"x-goog-request-params": "customer_id="
}
Request: query: "\n SELECT\n campaign.id,\n campaign.name\n FROM campaign\n ORDER BY campaign.id"
Response
-------
Headers: {}
Fault: {
"created": "@1619013473.365323139",
"description": "Failed to pick subchannel",
"file": "src/core/ext/filters/client_channel/client_channel.cc",
"file_line": 5419,
"referenced_errors": [
{
"created": "@1619013473.365317068",
"description": "failed to connect to all addresses",
"file": "src/core/ext/filters/client_channel/lb_policy/pick_first/pick_first.cc",
"file_line": 397,
"grpc_status": 14
}
]
}
我支持一个公司网络,该网络为每个 Internet 连接使用自己的证书。
我们的服务器信任内部证书。我用我们的 CA 证书替换了 certifi 中的 CA 证书,urllib3 可以很好地连接到 account.google.com 和 googleads.googleapis.com。
curl 到两个 URL 也可以正常工作
从上面的错误来看,urllib3 连接正常,但 GRPC 有问题。鉴于 curl 有效,操作系统 ca 证书很好,那么 GRPC 在哪里选择 ca 证书,我需要将我们的公司颁发者证书添加到其中?
谷歌广告:10.0.0/python:3.8.0/RHEL7
答案 0 :(得分:0)
如果公司网络有代理交换凭据,则可能会出现 CERTIFICATE_VERIFY_FAILED
。您可能希望通过 https://grpc.github.io/grpc/python/grpc.html#create-client-credentials 提供您公司的根凭据。我不确定如何使用 google-auth
,您可能想在那里发布您的问题:https://github.com/googleapis/google-auth-library-python