如何在Facebook图形api上使用twisted.web.client.Agent时处理OpenSSL.SSL.Error?
[英]How to handle OpenSSL.SSL.Error while using twisted.web.client.Agent on Facebook graph api?
问题描述
I am running the ff. 
我正在运行ff。 code from a virtualenv on Mac OS X (Yosemite): 来自Mac OS X(优胜美地)上的virtualenv的代码:
# testfb.py
from twisted.internet import reactor
from twisted.python import log
from twisted.web.client import Agent
GRAPH_API = "https://graph.facebook.com/v2.5"
def stop(_):
reactor.stop()
def get_me(access_token):
agent = Agent(reactor)
uri = "{}/me?access_token={}".format(GRAPH_API, access_token)
log.msg("uri:" + uri)
return agent.request("GET", uri)
if __name__ == "__main__":
import sys
access_token = sys.argv[1]
d = get_me(access_token)
d.addErrback(log.err)
d.addCallback(stop)
reactor.run()
And I get: 我得到:
Failure: twisted.web._newclient.ResponseNeverReceived: [<twisted.python.failure.Failure OpenSSL.SSL.Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]>]
I don't have this issue when I call the uri in curl. 当我用卷毛打电话给uri时,我没有这个问题。
BTW, I also installed service_identity using pip on the virtualenv. 顺便说一下,我还在virtualenv上使用pip安装了service_identity。
1 个解决方案
解决方案1
6 已采纳 2015-11-09 05:18:01
You probably don't have any OpenSSL trust roots configured. 您可能没有配置任何OpenSSL信任根。 This used to happen automatically by accident because Cryptography linked against the built-in version of OpenSSL from OS X. Since the headers for that version were removed in El Capitan, Cryptography now ships wheels with their own built-in version of pyOpenSSL. 这曾经是偶然发生的,因为Cryptography与OS X中的OpenSSL内置版本相关联。由于El Capitan中删除了该版本的标题,因此Cryptography现在发布了带有自己内置版本的pyOpenSSL的轮子。
This is a bug in Twisted, and we know about it; 这是Twisted中的一个错误,我们知道它; you can read more about it here: https://twistedmatrix.com/trac/ticket/6372 . 你可以在这里阅读更多相关信息: https : //twistedmatrix.com/trac/ticket/6372 。 It's been open for a while; 它已经开放了一段时间; because it worked by accident for a long time, it hasn't been a high priority. 因为它在很长一段时间内都是偶然的,所以它并不是一个高优先级。 Thanks to bug reports from folks like you, this is changing... 感谢像你这样的人的错误报告,这正在改变......
In the meanwhile, though, you have two possible options. 同时,你有两种可能的选择。
One is that you can install OpenSSL from Homebrew , which will automatically put some certificate authority certificates in the default location that Cryptography's OpenSSL is already looking for them, with brew install openssl . 一个是你可以从Homebrew安装OpenSSL,它会自动将一些证书颁发机构证书放在Cryptography的OpenSSL已经在寻找它们的默认位置,使用brew install openssl 。 (You can see these certificate authority certificates in /usr/local/etc/openssl/cert.pem after installing it) (安装后可以在/usr/local/etc/openssl/cert.pem看到这些证书颁发机构证书)
Another is that you can get some certificates from Certifi , and then set the ( undocumented ) environment variable that tells OpenSSL to look for them, by doing, for example, export SSL_CERT_FILE="$(python -m certifi)" in your shell before invoking your Python program. 另一个是您可以从Certifi获取一些证书,然后设置( 未记录的 )环境变量,告诉OpenSSL查找它们,例如,在您的shell中执行export SSL_CERT_FILE="$(python -m certifi)"之前调用你的Python程序。
Sorry for the, and I hope this answers your question! 对不起,我希望这能回答你的问题!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.