如何为Github更新httplib2的cacerts.txt? [英] How to update cacerts.txt of httplib2 for Github?
问题描述
我正在尝试将Github API与httplib2一起使用.但是,当我向端点请求时,会出现以下错误:
I am trying to use Github API with httplib2. But when I making requests to it's endpoints, it gives me following error:
import httplib2
h = httplib2.Http()
h.request('https://api.github.com/gists')
# OUT: Traceback (most recent call last):
# OUT: File "<input>", line 1, in <module>
# OUT: File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1570, in request
# OUT: (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
# OUT: File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1317, in _request
# OUT: (response, content) = self._conn_request(conn, request_uri, method, body, headers)
# OUT: File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1252, in _conn_request
# OUT: conn.connect()
# OUT: File "/usr/local/lib/python2.7/dist-packages/httplib2/__init__.py", line 1044, in connect
# OUT: raise SSLHandshakeError(e)
# OUT: SSLHandshakeError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
我可以使用以下解决方法:
I could use following workaround:
h = httplib2.Http(disable_ssl_certificate_validation=True)
h.request('https://api.github.com/gists')
# OUT: ({'content-length': '58443' ...
但这仍然是一种解决方法,我想知道如何使用httplib2正确验证Github的SSL证书.搜索Google我发现我应该更新该库的cacerts.txt,但是不知道如何以及在哪里获得Github的证书颁发机构.还是有其他正确的方法可以通过https发送请求,而不会出现证书验证问题?
But this is still a workaround, and I am wondering how to properly validate SSL certificate for Github with httplib2. Searching Google I found that I should update cacerts.txt of that library, but don't know how, and where get certificate authority for Github. Or is there any other right way to send requests throught https, without certificate verification problems?
推荐答案
UPD:最简单的方法是在Firefox中打开GitHub,查看页面信息->安全性->查看证书->详细信息- >导出->作为PEM文件.而且最好使用请求.
UPD: The easiest way is to open GitHub in Firefox, View Page info -> Security -> View Certificate -> Details -> Export -> As PEM file. And also it is better to use requests.
从Firefox提供的有关https连接的信息中,我发现GitHub的证书是"DigiCert High Assurance EV Root CA",可以在以下位置找到:
From the information which Firefox gives about https connection, I found out that certificate for GitHub is "DigiCert High Assurance EV Root CA", which could be found here: http://curl.haxx.se/ca/cacert.pem
证书的文本可以粘贴到httplib2.__path__ + '/cacerts.txt',或保存到单独的文件中,然后使用以下方法创建http连接:
Text of certificate could be pasted to the httplib2.__path__ + '/cacerts.txt', or saved to separate file and than http connection should be created with:
h = httplib2.Http(ca_certs='/path/to/that/file')
这篇关于如何为Github更新httplib2的cacerts.txt?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
