当前位置: 文江博客话题详情

Python - Oauth2 的 SSL 问题

发布于 2025-01-05 09:34:08 字数 1780 浏览 1 评论 0原文

每当尝试在 Python 中使用 oAuth2 时,我似乎都会遇到 SSL 问题。我花了一下午的大部分时间尝试调试它,但似乎无法弄清楚。

这是我的 Python 脚本(很好又简单):

import oauth2.oauth2 as oauth
import urlparse
import time

## If you're actually processing requests, you'll want this
# import simplejson


### GET A REQUEST TOKEN ###

consumer = oauth.Consumer(key="***KEYHERE***", secret="***KEYSECRETHERE***")

request_token_url = 'https://api.instagram.com/oauth/access_token'

client = oauth.Client(consumer)
resp, content = client.request(request_token_url, "GET")

request_token = dict(urlparse.parse_qsl(content))


token = oauth.Token(request_token['oauth_token'], request_token['oauth_token_secret'])

以及来自 Python 解释器的这些错误:

Traceback (most recent call last):
  File "E:\Projects\oAuth2Test\test.py", line 16, in <module>
    resp, content = client.request(request_token_url, "GET")
  File "E:\Projects\oAuth2Test\oauth2\oauth2.py", line 682, in request
    connection_type=connection_type)
  File "E:\Projects\oAuth2Test\httplib2\httplib2.py", line 1445, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "E:\Projects\oAuth2Test\httplib2\httplib2.py", line 1197, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "E:\Projects\oAuth2Test\httplib2\httplib2.py", line 1133, in _conn_request
    conn.connect()
  File "E:\Projects\oAuth2Test\httplib2\httplib2.py", line 914, in connect
    raise SSLHandshakeError(e)
SSLHandshakeError: [Errno 1] _ssl.c:503: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

现在,众所周知,我将 httplib2 附带的 cacerts.txt 放在正确的位置,并且找到了它,但我仍然遇到这个问题。任何帮助表示赞赏,谢谢!

原文

I seem to be having an issue with SSL whenever trying to use oAuth2 in Python. I've spent most of the afternoon attempting to debug it but can't seem to figure it out.

Here's my Python Script (Nice and simple):

import oauth2.oauth2 as oauth
import urlparse
import time

## If you're actually processing requests, you'll want this
# import simplejson


### GET A REQUEST TOKEN ###

consumer = oauth.Consumer(key="***KEYHERE***", secret="***KEYSECRETHERE***")

request_token_url = 'https://api.instagram.com/oauth/access_token'

client = oauth.Client(consumer)
resp, content = client.request(request_token_url, "GET")

request_token = dict(urlparse.parse_qsl(content))


token = oauth.Token(request_token['oauth_token'], request_token['oauth_token_secret'])

And these error from the Python Interpreter:

Traceback (most recent call last):
  File "E:\Projects\oAuth2Test\test.py", line 16, in <module>
    resp, content = client.request(request_token_url, "GET")
  File "E:\Projects\oAuth2Test\oauth2\oauth2.py", line 682, in request
    connection_type=connection_type)
  File "E:\Projects\oAuth2Test\httplib2\httplib2.py", line 1445, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "E:\Projects\oAuth2Test\httplib2\httplib2.py", line 1197, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "E:\Projects\oAuth2Test\httplib2\httplib2.py", line 1133, in _conn_request
    conn.connect()
  File "E:\Projects\oAuth2Test\httplib2\httplib2.py", line 914, in connect
    raise SSLHandshakeError(e)
SSLHandshakeError: [Errno 1] _ssl.c:503: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

Now, just so it's known, I have my cacerts.txt that came with httplib2 in the proper place and it is found, yet I still have this problem. Any help is appreciated, thanks!

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(6

凉世弥音 2025-01-12 09:34:08

cacerts.txt 包含的 CA 太少。如果将其替换为 cacert.pem 则不会出现 ssl 错误。下面是一个测试脚本:

#!/usr/bin/env python3
import http.client
import ssl

####context = ssl.create_default_context(cafile='cacerts.txt') # ssl.SSLError
####context = ssl.create_default_context(cafile='cacert.pem')  # works   
context = ssl.create_default_context()  # works as is on the recent versions
#NOTE: ssl.CERT_REQUIRED is set for the default Purpose.SERVER_AUTH

h = http.client.HTTPSConnection('api.instagram.com', 443, context=context)
h.request('POST', '/oauth/access_token')
resp = h.getresponse()
print(resp.status, resp.reason) # produce expected 400 http error
print(resp.headers)
print(resp.read())

如示例所示,默认 CA 列表对于最新的软件版本可能就足够了。

cacerts.txt contains too few CAs. If you replace it with cacert.pem then there is no ssl error. Here's a test script:

#!/usr/bin/env python3
import http.client
import ssl

####context = ssl.create_default_context(cafile='cacerts.txt') # ssl.SSLError
####context = ssl.create_default_context(cafile='cacert.pem')  # works   
context = ssl.create_default_context()  # works as is on the recent versions
#NOTE: ssl.CERT_REQUIRED is set for the default Purpose.SERVER_AUTH

h = http.client.HTTPSConnection('api.instagram.com', 443, context=context)
h.request('POST', '/oauth/access_token')
resp = h.getresponse()
print(resp.status, resp.reason) # produce expected 400 http error
print(resp.headers)
print(resp.read())

As the example demonstrates, the default CA list might be enough on the recent software versions.

回复 原文
放赐 2025-01-12 09:34:08

首先,运行pip install certifi。然后在发出任何请求之前设置客户端的 ca_certs 属性:

client = oauth.Client(consumer)
client.ca_certs = certifi.where()

这受到 jterrace 使用 httplib2.Http.add_certificate 的建议的启发

First, run pip install certifi. Then set the client's ca_certs property, before making any requests:

client = oauth.Client(consumer)
client.ca_certs = certifi.where()

This was inspired by jterrace's suggestion to use httplib2.Http.add_certificate

回复 原文
欲拥i 2025-01-12 09:34:08

httplib2 附带的默认 cacerts.txt 包含以下证书:

  • Verisign/RSA Secure Server CA
  • Thawte Personal Basic CA
  • Thawte Personal Premium CA
  • Thawte Personal Freemail CA
  • Thawte Server CA
  • Thawte Premium Server CA
  • Equifax Secure CA
  • Verisign Class 1 Public Primary Certification Authority
  • Verisign Class 2 公共主要证书颁发机构
  • Verisign 3 类公共主要证书颁发机构
  • Verisign 1 类公共主要证书颁发机构 - G2
  • Verisign 2 类公共主要证书颁发机构 - G2
  • Verisign 3 类公共主要证书颁发机构 - G2
  • Verisign 4 类公共主要证书颁发机构 - G2
  • Verisign 1 类公共主要证书颁发机构 - G3
  • Verisign 2 类公共主要证书颁发机构 - G3
  • Verisign 3 类公共主要证书颁发机构 - G3
  • Verisign 4 类公共 证书颁发机构主要证书颁发机构 - G3
  • Equifax Secure Global eBusiness CA
  • Equifax Secure eBusiness CA 1
  • Equifax Secure eBusiness CA 2
  • Thawte Time Stamping CA
  • thawte 主根 CA
  • VeriSign 3 类公共主证书颁发机构 - G5
  • Entrust.net 安全服务器证书颁发机构
  • GoDaddy 证书颁发机构根证书捆绑包

Instagram HTTPS 证书由

  • GeoTrust Global CA

签名您需要将该证书添加到您的 cacerts.txt

The default cacerts.txt that comes with httplib2 contains these certificates:

  • Verisign/RSA Secure Server CA
  • Thawte Personal Basic CA
  • Thawte Personal Premium CA
  • Thawte Personal Freemail CA
  • Thawte Server CA
  • Thawte Premium Server CA
  • Equifax Secure CA
  • Verisign Class 1 Public Primary Certification Authority
  • Verisign Class 2 Public Primary Certification Authority
  • Verisign Class 3 Public Primary Certification Authority
  • Verisign Class 1 Public Primary Certification Authority - G2
  • Verisign Class 2 Public Primary Certification Authority - G2
  • Verisign Class 3 Public Primary Certification Authority - G2
  • Verisign Class 4 Public Primary Certification Authority - G2
  • Verisign Class 1 Public Primary Certification Authority - G3
  • Verisign Class 2 Public Primary Certification Authority - G3
  • Verisign Class 3 Public Primary Certification Authority - G3
  • Verisign Class 4 Public Primary Certification Authority - G3
  • Equifax Secure Global eBusiness CA
  • Equifax Secure eBusiness CA 1
  • Equifax Secure eBusiness CA 2
  • Thawte Time Stamping CA
  • thawte Primary Root CA
  • VeriSign Class 3 Public Primary Certification Authority - G5
  • Entrust.net Secure Server Certification Authority
  • Go Daddy Certification Authority Root Certificate Bundle

The instagram HTTPS certificate is signed by:

  • GeoTrust Global CA

You will need to add the certificate to your cacerts.txt

回复 原文
久隐师 2025-01-12 09:34:08

我在 Flask-Social 的 OAuth 调用 Facebook 时遇到了同样的问题。最简单的解决方案是安装 httplib2.ca_certs_locator 插件。

在 httplib2.init.py 中,有一个内置检查,用于从其他来源加载证书,而不是库提供的 cacerts.txt 文件:

try:
    # Users can optionally provide a module that tells us where the CA_CERTS
    # are located.
    import ca_certs_locater
    CA_CERTS = ca_certs_locater.get()
except ImportError:
    # Default CA certificates file bundled with httplib2.
    CA_CERTS = os.path.join(
        os.path.dirname(os.path.abspath(__file__ )), "cacerts.txt")

安装此插件解决了我的问题没有代码更改/黑客攻击。

I was running into the same issue with Flask-Social's OAuth call to Facebook. The easiest solution is to install httplib2.ca_certs_locator plug-in.

In httplib2.init.py, there is a check built-in for loading certificates from another source instead of the cacerts.txt file provided with the library:

try:
    # Users can optionally provide a module that tells us where the CA_CERTS
    # are located.
    import ca_certs_locater
    CA_CERTS = ca_certs_locater.get()
except ImportError:
    # Default CA certificates file bundled with httplib2.
    CA_CERTS = os.path.join(
        os.path.dirname(os.path.abspath(__file__ )), "cacerts.txt")

Installing this plug-in fixed the problem for me with no code-changes/hack-a-rounds.

回复 原文
ま昔日黯然 2025-01-12 09:34:08

我在安装了旧版本 Python 2.7 (2.7.1) 的系统 (OSX Yosemite) 上遇到了同样的错误。

我将Python升级到2.7.10,解决了这个问题。

https://www.python.org/downloads/release/python-2710/

线索是我在尝试不同解决方案时看到的以下警告消息:

“InsecurePlatformWarning:真正的 SSLContext 对象不可用。这会阻止 urllib3 正确配置 SSL,并可能导致某些 SSL 连接失败。了解更多信息,请参阅 https://urllib3.readthedocs.org/en/latest/security.html#不安全平台警告

I was having the same error on my system (OSX Yosemite) which had an old version of Python 2.7 installed (2.7.1).

I upgraded Python to 2.7.10 which solved the problem.

https://www.python.org/downloads/release/python-2710/

The clue was in the following warning message which I saw while I was experimenting with different solutions:

"InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning"

回复 原文
反差帅 2025-01-12 09:34:08

更新 cacerts.txt 文件的另一种方法是使 httplib2 保持最新。他们偶尔会更新此文件,因此如果您遇到此问题,请检查您是否没有使用该库的最新版本并进行更新。

One more way to update your cacerts.txt file is to keep httplib2 up to date. They occasionally update this file, so if you run into this problem, check if you're not using the latest version of the library and update it.

回复 原文
~没有更多了~

关于作者

谎言月老

暂无简介

文章
评论
26 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

微信用户

文章 0 评论 0

小情绪

文章 0 评论 0

追我者格杀勿论

文章 0 评论 0

ゞ记忆︶ㄣ

文章 0 评论 0

笨死的猪

文章 0 评论 0

彭明超

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文