logo
Splunk Team

how to update cacerts.txt of httplib2 for github?

  • Last Update :
  • Techknowledgy :

Text of certificate could be pasted to the httplib2.__path__ + '/cacerts.txt', or saved to separate file and than http connection should be created with:

h = httplib2.Http(ca_certs = '/path/to/that/file')

just update httplib2 package by

pip install--upgrade httplib2

also if you use boto.txt file then you might use like boto.txt

ca_certificates_file = /etc/ssl / certs / ca - bundle.crt < -- - location of your system cert

or you can specify your httplib2 cacerts.txt file by

ca_certificates_file = /usr/local / lib / python2 .7 / dist - packages / httplib2 / python2 / httplib2 / cacerts.txt

Suggestion : 2

I’am trying to use httplib2 to communicate with this service:,I faced the same issue using flask-oidc which is using httplib2 (see puiterwijk/flask-oidc#52). The only way I found to fix that issue was to add the custom certificate in the cacerts.txt file. cat mycacert.crt >> cacerts.txt,Debian (and derivatives) have a patch in the system provided packages to solve this. This means apt install python-httplib2 or apt install python3-httplib2 will solve your issue as long as your software will use the system package (dist-packages Python path). Reference: https://sources.debian.org/patches/python-httplib2/0.9.2+dfsg-1/use_system_cacerts.patch/ - it simply removes the bundled cacerts.txt file and points to the system provided one.,if not given, the former extension using httplib2 ca_certs_locater is requested for a system CA bundle

I’am trying to use httplib2 to communicate with this service:

h = httplib2.Http(ca_certs = '/etc/ssl/certs/ca-certificates.crt')
resp, cont = h.request('https://foo.localdomain')

The above fails to perform a proper handshake, but unfortunately it returns poor feedback on where the actual problem is:

Traceback (most recent call last):
File "example.py", line 3, in <module>
   resp, cont = h.request('https://foo.localdomain')
   File "/home/malex/pyenv/local/lib/python2.7/site-packages/httplib2/__init__.py", line 1609, in request
   (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
   File "/home/malex/pyenv/local/lib/python2.7/site-packages/httplib2/__init__.py", line 1351, in _request
   (response, content) = self._conn_request(conn, request_uri, method, body, headers)
   File "/home/malex/pyenv/local/lib/python2.7/site-packages/httplib2/__init__.py", line 1272, in _conn_request
   conn.connect()
   File "/home/malex/pyenv/local/lib/python2.7/site-packages/httplib2/__init__.py", line 1059, in connect
   raise SSLHandshakeError(e)
   httplib2.SSLHandshakeError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)

At the same time, the following s_client test succeeds (certificate verification returns 0):

openssl s_client - connect foo.localdomain: 443 - servername foo.localdomain - CAfile / etc / ssl / certs / ca - certificates.crt

@gertvdijk Did the #117 fix this error https://travis-ci.org/jans-forks/vcrpy/jobs/491864771#L834

server hit an exception serving request: EOF occurred in violation of protocol(_ssl.c: 1748)

My environment (pip freeze) is:

argparse == 1.2 .1
httplib2 == 0.9 .2
wsgiref == 0.1 .2

Can you do a quick test in Python console?

import socket
import ssl

context = ssl.create_default_context()
context.verify_mode = ssl.CERT_REQUIRED
context.check_hostname = True
context.load_verify_locations('/etc/ssl/certs/ca-certificates.crt')

conn = context.wrap_socket(socket.socket(socket.AF_INET), server_hostname = 'foo.localdomain')
conn.connect(('foo.localdomain', 443))

Suggestion : 3

a. Set SHOTGUN_API_CACERTS to /path/to/shotgun_api3/lib/httplib2/cacerts.txt, a. Set SHOTGUN_API_CACERTS to /path/to/shotgun_api3/lib/httplib2/cacerts.txt or b. Update your scripts and set the ca_certs=/path/to/shotgun_api3/lib/httplib2/cacerts.txt when instantiating the Shotgun object. ,b. Update your scripts and set the ca_certs=/path/to/shotgun_api3/lib/httplib2/cacerts.txt when instantiating the Shotgun object.,Add the required CA certificate to the Windows Certificate Store. Windows 7 users may have to first upgrade to PowerShell 3.0 in order to use this solution, or alternatively use certutil to add the required certificate.

 $cert_url = "https://www.amazontrust.com/repository/SFSRootCAG2.cer"
 $cert_file = New - TemporaryFile
 Invoke - WebRequest - Uri $cert_url - UseBasicParsing - OutFile $cert_file.FullName
 Import - Certificate - FilePath $cert_file.FullName - CertStoreLocation Cert: \LocalMachine\ Root


Trending Technology


Most popular in python