python - 调用 apiclient.discovery.build 时 URL 的 SSL 证书无效和/或丢失

Question

所以我使用 dev_appserver.py 在本地运行我的 google 端点。我使用 API Explorer 来测试应用程序。

我用来创建服务，所以我可以调用 API 的代码如下:

from apiclient.discovery import build 
from oauth2client.client import GoogleCredentials
credentials = GoogleCredentials.get_application_default()
service = build('speech', 'v1beta1', credentials=credentials)

我收到 SSL 错误(无效和/或缺少 SSL 证书)，即使当我通过浏览器访问指定的 URL 时它工作正常(即显示绿色挂锁)。

我不确定发生了什么变化，但不久前它还可以正常工作。

我尝试禁用 SSL 检查，但未能成功。

完整日志如下:

INFO     2017-01-02 03:12:02,724 discovery.py:267] URL being requested: GET https://www.googleapis.com/discovery/v1/apis/speech/v1beta1/rest?userIp=0.2.0.3
ERROR    2017-01-02 03:12:03,022 wsgi.py:263] 
Traceback (most recent call last):
  File "/home/vini/opt/google-cloud-sdk/platform/google_appengine/google/appengine/runtime/wsgi.py", line 240, in Handle
    handler = _config_handle.add_wsgi_middleware(self._LoadHandler())
  File "/home/vini/opt/google-cloud-sdk/platform/google_appengine/google/appengine/runtime/wsgi.py", line 299, in _LoadHandler
    handler, path, err = LoadObject(self._handler)
  File "/home/vini/opt/google-cloud-sdk/platform/google_appengine/google/appengine/runtime/wsgi.py", line 85, in LoadObject
    obj = __import__(path[0])
  File "/mnt/b117/home/vini/udacity/cerci-endpoint/api.py", line 28, in <module>
    service = build('speech', 'v1beta1', credentials=credentials)
  File "/mnt/b117/home/vini/udacity/cerci-endpoint/lib/oauth2client/_helpers.py", line 133, in positional_wrapper
    return wrapped(*args, **kwargs)
  File "/mnt/b117/home/vini/udacity/cerci-endpoint/lib/googleapiclient/discovery.py", line 222, in build
    cache)
  File "/mnt/b117/home/vini/udacity/cerci-endpoint/lib/googleapiclient/discovery.py", line 269, in _retrieve_discovery_doc
    resp, content = http.request(actual_url)
  File "/mnt/b117/home/vini/udacity/cerci-endpoint/lib/httplib2/__init__.py", line 1609, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "/mnt/b117/home/vini/udacity/cerci-endpoint/lib/httplib2/__init__.py", line 1351, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/mnt/b117/home/vini/udacity/cerci-endpoint/lib/httplib2/__init__.py", line 1307, in _conn_request
    response = conn.getresponse()
  File "/home/vini/opt/google-cloud-sdk/platform/google_appengine/google/appengine/dist27/gae_override/httplib.py", line 532, in getresponse
    raise HTTPException(str(e))
HTTPException: Invalid and/or missing SSL certificate for URL: https://www.googleapis.com/discovery/v1/apis/speech/v1beta1/rest?userIp=0.2.0.3

任何想法可能导致此问题？

我是否必须“安装”或更新 python 使用的 SSL 证书？

Answer 1

根据App Engine issue 13477似乎在 urlfetch_cacerts.txt 中找到了一些证书包含在 App Engine Python SDK 中/gcloud-sdk已过期2017-01-01 .

作为临时解决方法，您可以替换 <your-cloud-sdk-path>/platform/google_appengine/lib/cacerts/urlfetch_cacerts.txt 的内容与 https://curl.haxx.se/ca/cacert.pem