Android 存储库 SSL CERTIFICATE_VERIFY_FAILED

Question

I'm trying to follow Google's documentation to build my own version of Android, but it fails on the "repo init" state (step 2 of section 2): https://source.android.com/source/downloading.html

When I run 'repo init -u https://android.googlesource.com/platform/manifest'

it answers with

fatal: Cannot get https://gerrit.googlesource.com/git-repo/clone.bundle
fatal: error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

I don't really know what to try, besides making sure I have all the proper tools ( I do, a brand new Macbook Pro w/ El Capitan, Python 2.7, GPG installed, all of that.) What could I have forgotten to do? Is there anything I can do to disable the SSL check, change the certificate, or anything like that?

Answer 1

Python, since v2.7.9, will by default now check the SSL certificates. To revert to the correct behavior for the repo script, set up an environment variable PYTHONHTTPSVERIFY=0.

This will shut off all certificate verification.

The repo script should now run as advertised.

Answer 2

Most likely this is happening because you're using macports python.

$ port select --list python
Available versions for python:
    none
    python26-apple
    python27 (active)
    python27-apple
$ sudo port select --set python python27-apple
Selecting 'python27-apple' for 'python' succeeded. 'python27-apple' is now active.

The underlying problem is that OS X stores CA root certificates in the Keychain ring, but python.org python does not query the Keychain ring. See http://bugs.python.org/issue17128

Answer 3

OK, I fixed this by setting the environment variable PYTHONHTTPSVERIFY to 0

export PYTHONHTTPSVERIFY=0