Alpine 3.3,Python 2.7.11,urllib2 导致 SSL:CERTIFICATE_VERIFY_FAILED
Alpine 3.3, Python 2.7.11, urllib2 causing SSL: CERTIFICATE_VERIFY_FAILED
我有这个小 Dockerfile
FROM alpine:3.3
RUN apk --update add python
CMD ["python", "-c", "import urllib2; response = urllib2.urlopen('https://www.python.org')"]
使用 docker build -t alpine-py/01 . 构建它然后使用 docker run -it --rm alpine-py/01 运行 创建以下输出
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/usr/lib/python2.7/urllib2.py", line 1240, in https_open
context=self._context)
File "/usr/lib/python2.7/urllib2.py", line 1197, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>
昨天我被最近发布的 OpenSSL 1.0.2g 咬了一口,导致 py-cryptograpy 无法编译。幸运的是,几个小时后 py-cryptography 的人在 PyPI 上发布了一个新版本。问题是 OpenSSL 中的函数获得了新签名。
这可能是相关的还是我遗漏了什么?
您需要安装 ca 证书才能验证由 public 个 CA 签名的证书:
FROM alpine:3.3
RUN apk --no-cache add python ca-certificates
CMD ["python", "-c", "import urllib2; response = urllib2.urlopen('https://www.python.org')"]
您将需要升级 Alpine,因为 libssl 需要使用补丁进行升级
FROM alpine:3.3
RUN apk -U upgrade && \
apk -U add python ca-certificates && \
update-ca-certificates
CMD ["python", "-c", "import urllib2; response = urllib2.urlopen('https://www.python.org')"]
apk -U 升级将升级这些:
- libcrypto1.0 (1.0.2e-r0 -> 1.0.2g-r0)
- libssl1.0 (1.0.2e-r0 -> 1.0.2g-r0)
我有这个小 Dockerfile
FROM alpine:3.3
RUN apk --update add python
CMD ["python", "-c", "import urllib2; response = urllib2.urlopen('https://www.python.org')"]
使用 docker build -t alpine-py/01 . 构建它然后使用 docker run -it --rm alpine-py/01 运行 创建以下输出
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/usr/lib/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/usr/lib/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/usr/lib/python2.7/urllib2.py", line 1240, in https_open
context=self._context)
File "/usr/lib/python2.7/urllib2.py", line 1197, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>
昨天我被最近发布的 OpenSSL 1.0.2g 咬了一口,导致 py-cryptograpy 无法编译。幸运的是,几个小时后 py-cryptography 的人在 PyPI 上发布了一个新版本。问题是 OpenSSL 中的函数获得了新签名。
这可能是相关的还是我遗漏了什么?
您需要安装 ca 证书才能验证由 public 个 CA 签名的证书:
FROM alpine:3.3
RUN apk --no-cache add python ca-certificates
CMD ["python", "-c", "import urllib2; response = urllib2.urlopen('https://www.python.org')"]
您将需要升级 Alpine,因为 libssl 需要使用补丁进行升级
FROM alpine:3.3
RUN apk -U upgrade && \
apk -U add python ca-certificates && \
update-ca-certificates
CMD ["python", "-c", "import urllib2; response = urllib2.urlopen('https://www.python.org')"]
apk -U 升级将升级这些:
- libcrypto1.0 (1.0.2e-r0 -> 1.0.2g-r0)
- libssl1.0 (1.0.2e-r0 -> 1.0.2g-r0)