Python SSL的系統級解決方案：CERTIFICATE_VERIFY_FAILED

Question

我們公司的IT安全團隊使用中間證書（ZScaler）來驗證SSL流量。這會對使用SSL的任何實用程序或API封裝器造成問題，例如httplib2的，請求等

我已經找到了當我代碼調用的模塊，例如解決方案ssl_verify=False等等，但問題是當這些庫被調用時，在其他人的代碼的隱藏深處。

例如：

service = googleapiclient.discovery.build('vision', 'v1') 

它拋出的錯誤：

--------------------------------------------------------------------------- 
SSLHandshakeError       Traceback (most recent call last) 
<ipython-input-4-70a8fbe53fc9> in <module>() 
----> 1 service = googleapiclient.discovery.build('vision', 'v1') 

/usr/local/anaconda/lib/python2.7/site-packages/oauth2client/_helpers.pyc in positional_wrapper(*args, **kwargs) 
    131     elif positional_parameters_enforcement == POSITIONAL_WARNING: 
    132      logger.warning(message) 
--> 133    return wrapped(*args, **kwargs) 
    134   return positional_wrapper 
    135 

/usr/local/anaconda/lib/python2.7/site-packages/googleapiclient/discovery.pyc in build(serviceName, version, http, discoveryServiceUrl, developerKey, model, requestBuilder, credentials, cache_discovery, cache) 
    226  try: 
    227  content = _retrieve_discovery_doc(
--> 228   requested_url, discovery_http, cache_discovery, cache) 
    229  return build_from_document(content, base=discovery_url, http=http, 
    230   developerKey=developerKey, model=model, requestBuilder=requestBuilder, 

/usr/local/anaconda/lib/python2.7/site-packages/googleapiclient/discovery.pyc in _retrieve_discovery_doc(url, http, cache_discovery, cache) 
    273 logger.info('URL being requested: GET %s', actual_url) 
    274 
--> 275 resp, content = http.request(actual_url) 
    276 
    277 if resp.status >= 400: 

/usr/local/anaconda/lib/python2.7/site-packages/httplib2/__init__.pyc in request(self, uri, method, body, headers, redirections, connection_type) 
    1657      content = "" 
    1658     else: 
-> 1659      (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey) 
    1660   except Exception, e: 
    1661    if self.force_exception_to_status_code: 

/usr/local/anaconda/lib/python2.7/site-packages/httplib2/__init__.pyc in _request(self, conn, host, absolute_uri, request_uri, method, body, headers, redirections, cachekey) 
    1397    auth.request(method, request_uri, headers, body) 
    1398 
-> 1399   (response, content) = self._conn_request(conn, request_uri, method, body, headers) 
    1400 
    1401   if auth: 

/usr/local/anaconda/lib/python2.7/site-packages/httplib2/__init__.pyc in _conn_request(self, conn, request_uri, method, body, headers) 
    1317    try: 
    1318     if hasattr(conn, 'sock') and conn.sock is None: 
-> 1319      conn.connect() 
    1320     conn.request(method, request_uri, body, headers) 
    1321    except socket.timeout: 

/usr/local/anaconda/lib/python2.7/site-packages/httplib2/__init__.pyc in connect(self) 
    1090     # something else (such as SSL protocol mismatch). 
    1091     if getattr(e, 'errno', None) == ssl.SSL_ERROR_SSL: 
-> 1092      raise SSLHandshakeError(e) 
    1093     else: 
    1094      raise 

SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) 

是否有一個系統範圍的或全球定爲這樣的問題？

Answer 1

當您構建您的http對象時，您是否嘗試過指向您的公司/ zscaler證書？

退房這樣的回答：https://stackoverflow.com/a/27856913

看起來oauth2client是導致錯誤的導入模塊。

您需要在您使用的oauth2client函數中傳遞位置參數'http'。

舉例來說，如果你正在使用oauth2client.tools.run_flow，你需要建立自己的HTTP對象，並把它作爲對Arg的這個功能：

http = httplib2.Http(disable_ssl_certificate_validation=True) 
tools.run_flow(flow, store, flags, http=http)