通过 httplib2 对 registry.gitlab.com 的 SSL 验证失败
SSL verification for registry.gitlab.com via httplib2 fails
我使用 bazel 将 docker 图像发布到 gitlab regitry。上周,bazel 命令开始失败。我能够将问题缩小到 httplib2。
下面的代码示例可用于重现该问题。
import httplib
import httplib2
conn = httplib.HTTPSConnection("registry.gitlab.com")
conn.request("GET", "/")
r1 = conn.getresponse()
print r1.status, r1.reason
httplib2.Http().request('https://registry.gitlab.com')
上面的输出是:
200 OK
Traceback (most recent call last):
File "deleteMe.py", line 9, in <module>
httplib2.Http().request('https://registry.gitlab.com')
File "/Users/joint/Library/Python/2.7/lib/python/site-packages/httplib2/__init__.py", line 2135, in request
cachekey,
File "/Users/joint/Library/Python/2.7/lib/python/site-packages/httplib2/__init__.py", line 1796, in _request
conn, request_uri, method, body, headers
File "/Users/joint/Library/Python/2.7/lib/python/site-packages/httplib2/__init__.py", line 1701, in _conn_request
conn.connect()
File "/Users/joint/Library/Python/2.7/lib/python/site-packages/httplib2/__init__.py", line 1411, in connect
raise SSLHandshakeError(e)
httplib2.SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)
Wireshark 中显示的错误是 'Description: Unknown CA (48)'
我已经尝试通过 openssl 验证 gitlab 证书,但没有发现任何问题。
我尝试在 httplib2 定义中指定 gitlab 证书,但我得到了同样的错误。
h = httplib2.Http(ca_certs='./registrygitlabcom.crt')
h.request('https://registry.gitlab.com')
任何关于我应该做什么或尝试的指示...谢谢!
我想我已经找到答案了。将它张贴在这里,供可能 运行 参与其中的任何人使用。
httplib2 使用的根证书来自 cacerts.txt 文件。
(https://github.com/httplib2/httplib2/blob/master/python2/httplib2/cacerts.txt)
registry.gitlab.com 可能上周更换了根 CA,这引发了问题。
我使用 bazel 将 docker 图像发布到 gitlab regitry。上周,bazel 命令开始失败。我能够将问题缩小到 httplib2。
下面的代码示例可用于重现该问题。
import httplib
import httplib2
conn = httplib.HTTPSConnection("registry.gitlab.com")
conn.request("GET", "/")
r1 = conn.getresponse()
print r1.status, r1.reason
httplib2.Http().request('https://registry.gitlab.com')
上面的输出是:
200 OK
Traceback (most recent call last):
File "deleteMe.py", line 9, in <module>
httplib2.Http().request('https://registry.gitlab.com')
File "/Users/joint/Library/Python/2.7/lib/python/site-packages/httplib2/__init__.py", line 2135, in request
cachekey,
File "/Users/joint/Library/Python/2.7/lib/python/site-packages/httplib2/__init__.py", line 1796, in _request
conn, request_uri, method, body, headers
File "/Users/joint/Library/Python/2.7/lib/python/site-packages/httplib2/__init__.py", line 1701, in _conn_request
conn.connect()
File "/Users/joint/Library/Python/2.7/lib/python/site-packages/httplib2/__init__.py", line 1411, in connect
raise SSLHandshakeError(e)
httplib2.SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:726)
Wireshark 中显示的错误是 'Description: Unknown CA (48)'
我已经尝试通过 openssl 验证 gitlab 证书,但没有发现任何问题。
我尝试在 httplib2 定义中指定 gitlab 证书,但我得到了同样的错误。
h = httplib2.Http(ca_certs='./registrygitlabcom.crt')
h.request('https://registry.gitlab.com')
任何关于我应该做什么或尝试的指示...谢谢!
我想我已经找到答案了。将它张贴在这里,供可能 运行 参与其中的任何人使用。
httplib2 使用的根证书来自 cacerts.txt 文件。 (https://github.com/httplib2/httplib2/blob/master/python2/httplib2/cacerts.txt)
registry.gitlab.com 可能上周更换了根 CA,这引发了问题。