如何为Github更新httplib2的cacerts.txt?
发布于 2021-01-29 14:11:13
我正在尝试将Github API与httplib2一起使用。但是当我向它的端点发出请求时,它给了我以下错误:
import httplib2
h = httplib2.Http()
h.request('https://api.github.com/gists')
# OUT: Traceback (most recent call last):
# OUT: File "<input>", line 1, in <module>
# OUT: File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1570, in request
# OUT: (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
# OUT: File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1317, in _request
# OUT: (response, content) = self._conn_request(conn, request_uri, method, body, headers)
# OUT: File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1252, in _conn_request
# OUT: conn.connect()
# OUT: File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1044, in connect
# OUT: raise SSLHandshakeError(e)
# OUT: SSLHandshakeError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
我可以使用以下解决方法:
h = httplib2.Http(disable_ssl_certificate_validation=True)
h.request('https://api.github.com/gists')
# OUT: ({'content-length': '58443' ...
但这仍然是一种解决方法,我想知道如何使用httplib2为Github正确验证SSL证书。在Google上搜索时,我发现我应该更新cacerts.txt该库,但不知道如何更新Github的证书授权。还是通过https发送请求而没有证书验证问题的其他正确方法?
关注者
0
被浏览
120
1 个回答
-
UPD:
最简单的方法是在Firefox中打开GitHub,依次查看页面信息->安全->查看证书->详细信息->导出->作为PEM文件。而且最好使用请求。从Firefox提供的有关https连接的信息中,我发现GitHub的证书是“
DigiCert高保证EV根CA”,可以在以下位置找到:http :
//curl.haxx.se/ca/cacert.pem证书文本可以粘贴到
httplib2.__path__ + '/cacerts.txt'或保存到单独的文件中,然后使用以下方法创建http连接:h = httplib2.Http(ca_certs='/path/to/that/file')
