一尘不染

如何为Github更新httplib2的cacerts.txt?

python

我正在尝试将Github API与httplib2一起使用。但是当我向它的端点发出请求时,它给了我以下错误:

import httplib2
h = httplib2.Http()
h.request('https://api.github.com/gists')
# OUT: Traceback (most recent call last):
# OUT:   File "<input>", line 1, in <module>
# OUT:   File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1570, in request
# OUT:     (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
# OUT:   File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1317, in _request
# OUT:     (response, content) = self._conn_request(conn, request_uri, method, body, headers)
# OUT:   File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1252, in _conn_request
# OUT:     conn.connect()
# OUT:   File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1044, in connect
# OUT:     raise SSLHandshakeError(e)
# OUT: SSLHandshakeError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

我可以使用以下解决方法:

h = httplib2.Http(disable_ssl_certificate_validation=True)
h.request('https://api.github.com/gists')
# OUT: ({'content-length': '58443' ...

但这仍然是一种解决方法,我想知道如何使用httplib2为Github正确验证SSL证书。在Google上搜索时,我发现我应该更新cacerts.txt该库,但不知道如何更新Github的证书授权。还是通过https发送请求而没有证书验证问题的其他正确方法?


阅读 246

收藏
2021-01-20

共1个答案

一尘不染

UPD:
最简单的方法是在Firefox中打开GitHub,依次查看页面信息->安全->查看证书->详细信息->导出->作为PEM文件。而且最好使用请求。

从Firefox提供的有关https连接的信息中,我发现GitHub的证书是“
DigiCert高保证EV根CA”,可以在以下位置找到:http :
//curl.haxx.se/ca/cacert.pem

证书文本可以粘贴到httplib2.__path__ + '/cacerts.txt'或保存到单独的文件中,然后使用以下方法创建http连接:

h = httplib2.Http(ca_certs='/path/to/that/file')

这也是有关此主题的有用文章

2021-01-20