AppEngine本地开发服务器上的Braintree SDK SSLCertificateError [英] Braintree SDK SSLCertificateError on AppEngine local dev server

问题描述

在本地 Braintree SDK > dev_appserver.py 在 braintree.ClientToken.generate（）上返回以下错误：

The use of Braintree SDK under my local dev_appserver.py is returning following error on braintree.ClientToken.generate():

SSLError: SSLCertificateError:
Invalid and/or missing SSL certificate for URL:  
https://api.sandbox.braintreegateway.com:443/merchants/<merchant_id>/client_token

我正在使用 requests_toolbelt 在服务器的开头：

I am using the requests_toolbelt at the start of my server:

# Make requests work in GAE
import requests
from requests_toolbelt.adapters import appengine
appengine.monkeypatch()

明确排除SSL验证不会可以工作（返回相同的错误消息）：

Explicitly excluding SSL Validation doesn't work either (returns with the same error message):

appengine.monkeypatch(validate_certificate=False)

事实上，没有 re quests_toolbelt ，调用 .generate（）时遇到的错误是：

In fact, without requests_toolbelt, the error I get when calling .generate() is:

ProtocolError('Connection aborted.', error(13, 'Permission denied'))

我还尝试了main.py 中的hack rel = nofollow noreferrer> braintree-python-appengine 项目，但是我收到了相同的SSL错误消息。

I also tried the hack in the main.py of braintree-python-appengine project but I get the same SSL error message back.

• MacOSX 10.11.6


• gcloud应用程序Python扩展1.9.63


• Python 2.7.10


• requests == 2.18.4


• braintree == 3.39.0


• Flask == 0.12.2

• MacOSX 10.11.6
• gcloud app Python Extensions 1.9.63
• Python 2.7.10
• requests==2.18.4
• braintree==3.39.0
• Flask==0.12.2

1. 一旦部署到Google App Engine，我会毫无问题地获得客户端令牌


2. 直接在<$上使用请求 c $ c> https://www.braintreepayments.com/ 返回200，没有任何错误

1. Once deployed to Google App Engine, I get the client token back without any problem
2. Directly use of requests on https://www.braintreepayments.com/ returns 200 without any errors

推荐答案

Braintree支持的回复如下（于2017-11-20）：

Braintree support kindly replied to my inquiry with (on 2017-11-20):

您收到的错误通常与应用程序运行时使用的SSL / TLS协议有关；我们的沙盒环境要求必须通过TLS 1.2建立连接，该要求尚未应用于生产。

The error you're receiving is generally related to the SSL/TLS protocols being used when your app is run; our sandbox environment requires connections to be made via TLS 1.2, a requirement that does not yet apply to production.

从查看的结果来看，似乎在本地部署应用程序时使用的协议是对我们的环境无效。如果应用程序设置在Google App Engine中进行了本地化，则可能是造成此问题的原因； Python使用系统提供的OpenSSL，而TLSv1.2需要OpenSSL 1.0.1c或更高版本。

From review, it appears that the protocols being used when the app is deployed locally are not valid for our environment. If the app settings are localised within the Google App Engine, that may be the cause of the issue; Python uses the system-supplied OpenSSL, and TLSv1.2 requires OpenSSL 1.0.1c or later.

所以根本原因是我使用的Python版本较旧版本的OpenSSL：

So the root cause is my version of Python which uses an older version of OpenSSL:

$ python --version
Python 2.7.10

$ python
>> import ssl
>> ssl.OPENSSL_VERSION
>> 'OpenSSL 0.9.8zh 14 Jan 2016'

解决方案是通过brew升级我的python版本：

The solution is to upgrade my version of python via brew:

$ brew install python
$ python2 --version
Python 2.7.14

$ python2
>> import ssl
>> ssl.OPENSSL_VERSION
>> 'OpenSSL 1.0.2m  2 Nov 2017'

然后，使用新安装的python启动我的开发服务器解决了 SSLCertificateError ：

Then, launching my dev server using newly installed python solves the SSLCertificateError:

python2 $appserver_path/dev_appserver.py ...

这篇关于AppEngine本地开发服务器上的Braintree SDK SSLCertificateError的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！