Braintree SDK SSLCertificateError on AppEngine local dev server

Using the Braintree SDK under my local dev_appserver.py, braintree.ClientToken.generate() returns the following error:

SSLError: SSLCertificateError:
Invalid and/or missing SSL certificate for URL:  
https://api.sandbox.braintreegateway.com:443/merchants/<merchant_id>/client_token

I use requests_toolbelt at my server startup:

# Make requests work in GAE
import requests
from requests_toolbelt.adapters import appengine
appengine.monkeypatch()

Explicitly disabling SSL validation does not work either (it returns the same error message):

appengine.monkeypatch(validate_certificate=False)

In fact, without requests_toolbelt, the error I get when calling .generate() is:

ProtocolError('Connection aborted.', error(13, 'Permission denied'))

I also tried the hack in main.py of the braintree-python-appengine project, but I received the same SSL error message.

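My development environment:

Notes:

  1. After deploying to Google App Engine, I get the client token back without any problem
  2. Using requests directly against https://www.braintreepayments.com/ returns 200 without any errors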

Braintree support replied to my inquiry (on 2017-11-20):

The error you're receiving is generally related to the SSL/TLS protocols being used when your app is run; our sandbox environment requires connections to be made via TLS 1.2, a requirement that does not yet apply to production.

From review, it appears that the protocols being used when the app is deployed locally are not valid for our environment. If the app settings are localised within the Google App Engine, that may be the cause of the issue; Python uses the system-supplied OpenSSL, and TLSv1.2 requires OpenSSL 1.0.1c or later.

So the root cause was that my Python version was using an old version of OpenSSL:

$ python --version
Python 2.7.10

$ python
>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 0.9.8zh 14 Jan 2016'

The solution was to upgrade my Python version via brew:

$ brew install python
$ python2 --version
Python 2.7.14

$ python2
>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 1.0.2m  2 Nov 2017'

Then, starting my dev server with the newly installed python resolves the SSLCertificateError:

python2 $appserver_path/dev_appserver.py ...
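
A check for the condition Braintree support describes, as an added example that is not part of the original post: it parses an ssl.OPENSSL_VERSION banner and compares it against the OpenSSL 1.0.1c minimum quoted above. The function names are illustrative, and the ordering of patch letters (none, then a..z, then za..zz) is an assumption about OpenSSL's pre-3.0 release naming.

```python
import re
import ssl

# Minimum OpenSSL release for TLS 1.2, per the Braintree support reply above.
MIN_TLS12 = (1, 0, 1, "c")
_BANNER = re.compile(r"^(\w+)\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(banner):
    """'OpenSSL 0.9.8zh 14 Jan 2016' -> ('OpenSSL', (0, 9, 8, 'zh'))."""
    m = _BANNER.match(banner)
    if m is None:
        raise ValueError("unrecognised version banner: %r" % (banner,))
    lib, major, minor, fix, letters = m.groups()
    return lib, (int(major), int(minor), int(fix), letters)


def _key(version):
    # Assumed ordering of pre-3.0 patch letters: none < a..z < za..zz,
    # so a longer suffix always sorts after a shorter one.
    major, minor, fix, letters = version
    return (major, minor, fix, len(letters), letters)


def supports_tls12(banner):
    """True/False for OpenSSL banners; None for other TLS libraries,
    to which the 1.0.1c threshold does not apply."""
    lib, version = parse_openssl_version(banner)
    if lib != "OpenSSL":
        return None
    return _key(version) >= _key(MIN_TLS12)


def check_runtime():
    """Report on the interpreter actually running this script."""
    return {
        "banner": ssl.OPENSSL_VERSION,
        "meets_minimum": supports_tls12(ssl.OPENSSL_VERSION),
        "has_tlsv1_2_constant": hasattr(ssl, "PROTOCOL_TLSv1_2"),
    }


if __name__ == "__main__":
    # The two banners below are the ones quoted in the post.
    for sample in ("OpenSSL 0.9.8zh 14 Jan 2016", "OpenSSL 1.0.2m  2 Nov 2017"):
        print("%-30s TLS 1.2 capable: %s" % (sample, supports_tls12(sample)))
    print(check_runtime())
```

Run it with the same interpreter that launches dev_appserver.py, since the local server inherits that interpreter's OpenSSL.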