Python SSL的系统级解决方案：CERTIFICATE_VERIFY_FAILED

Question

我们公司的IT安全团队使用中间证书（ZScaler）来验证SSL流量。这会对使用SSL的任何实用程序或API封装器造成问题，例如httplib2的，请求等

我已经找到了当我代码调用的模块，例如解决方案ssl_verify=False等等，但问题是当这些库被调用时，在其他人的代码的隐藏深处。

例如：

service = googleapiclient.discovery.build('vision', 'v1') 

它抛出的错误：

--------------------------------------------------------------------------- 
SSLHandshakeError       Traceback (most recent call last) 
<ipython-input-4-70a8fbe53fc9> in <module>() 
----> 1 service = googleapiclient.discovery.build('vision', 'v1') 

/usr/local/anaconda/lib/python2.7/site-packages/oauth2client/_helpers.pyc in positional_wrapper(*args, **kwargs) 
    131     elif positional_parameters_enforcement == POSITIONAL_WARNING: 
    132      logger.warning(message) 
--> 133    return wrapped(*args, **kwargs) 
    134   return positional_wrapper 
    135 

/usr/local/anaconda/lib/python2.7/site-packages/googleapiclient/discovery.pyc in build(serviceName, version, http, discoveryServiceUrl, developerKey, model, requestBuilder, credentials, cache_discovery, cache) 
    226  try: 
    227  content = _retrieve_discovery_doc(
--> 228   requested_url, discovery_http, cache_discovery, cache) 
    229  return build_from_document(content, base=discovery_url, http=http, 
    230   developerKey=developerKey, model=model, requestBuilder=requestBuilder, 

/usr/local/anaconda/lib/python2.7/site-packages/googleapiclient/discovery.pyc in _retrieve_discovery_doc(url, http, cache_discovery, cache) 
    273 logger.info('URL being requested: GET %s', actual_url) 
    274 
--> 275 resp, content = http.request(actual_url) 
    276 
    277 if resp.status >= 400: 

/usr/local/anaconda/lib/python2.7/site-packages/httplib2/__init__.pyc in request(self, uri, method, body, headers, redirections, connection_type) 
    1657      content = "" 
    1658     else: 
-> 1659      (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey) 
    1660   except Exception, e: 
    1661    if self.force_exception_to_status_code: 

/usr/local/anaconda/lib/python2.7/site-packages/httplib2/__init__.pyc in _request(self, conn, host, absolute_uri, request_uri, method, body, headers, redirections, cachekey) 
    1397    auth.request(method, request_uri, headers, body) 
    1398 
-> 1399   (response, content) = self._conn_request(conn, request_uri, method, body, headers) 
    1400 
    1401   if auth: 

/usr/local/anaconda/lib/python2.7/site-packages/httplib2/__init__.pyc in _conn_request(self, conn, request_uri, method, body, headers) 
    1317    try: 
    1318     if hasattr(conn, 'sock') and conn.sock is None: 
-> 1319      conn.connect() 
    1320     conn.request(method, request_uri, body, headers) 
    1321    except socket.timeout: 

/usr/local/anaconda/lib/python2.7/site-packages/httplib2/__init__.pyc in connect(self) 
    1090     # something else (such as SSL protocol mismatch). 
    1091     if getattr(e, 'errno', None) == ssl.SSL_ERROR_SSL: 
-> 1092      raise SSLHandshakeError(e) 
    1093     else: 
    1094      raise 

SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) 

是否有一个系统范围的或全球定为这样的问题？

Answer 1

当您构建您的http对象时，您是否尝试过指向您的公司/ zscaler证书？

退房这样的回答：https://stackoverflow.com/a/27856913

看起来oauth2client是导致错误的导入模块。

您需要在您使用的oauth2client函数中传递位置参数'http'。

举例来说，如果你正在使用oauth2client.tools.run_flow，你需要建立自己的HTTP对象，并把它作为对Arg的这个功能：

http = httplib2.Http(disable_ssl_certificate_validation=True) 
tools.run_flow(flow, store, flags, http=http)