なぜurllib3/idnaはX509証明書のワイルドカードについてエラーを出すのでしょうか?どうすれば修正できますか? 私は次のようなvirtualenvの下で実行しています:
setuptools==26.1.1
td-client==0.5.0
urllib3[secure]==1.17
urllib3を使用しているのは、使用しないとSNIMissingWarningが出るためです:
http://urllib3.readthedocs.io/en/latest/user-guide.html#ssl-py2
ユーザーガイドに記載されている必要なシステムパッケージもインストール済みです:
dpkg -l | grep build-essential
ii build-essential 11.6ubuntu6 amd64 Informational list of build-essential packages
dpkg -l | grep libssl-dev
ii libssl-dev:amd64 1.0.1f-1ubuntu2.7 amd64 Secure Sockets Layer toolkit - development files
dpkg -l | grep libffi-dev
ii libffi-dev:amd64 3.1~rc1+r3.0.13-12 amd64 Foreign Function Interface library (development files)
dpkg -l | grep "\spython-dev\s"
ii python-dev 2.7.5-5ubuntu3 amd64 header files and a static library for Python (default)
これが私のコードです:
#!./venv/bin/python
from argparse import ArgumentParser
import logging
import tdclient
import urllib3.contrib.pyopenssl
import certifi
import urllib3
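def main():
    """Raise log verbosity, switch urllib3 to pyOpenSSL, then list the tables.

    The listing on the page lost its indentation; the block structure is
    restored here so the script parses.
    """
    # Every logger registered so far goes to DEBUG, except tdclient's own two.
    skipped_loggers = ("tdclient.api", "tdclient")
    for logger_name in logging.Logger.manager.loggerDict:
        if logger_name in skipped_loggers:
            continue
        logging.getLogger(logger_name).setLevel(logging.DEBUG)

    # Patches urllib3 so its TLS sockets are backed by pyOpenSSL; the traceback
    # on this page shows tdclient's request passing through
    # urllib3/contrib/pyopenssl.py as a result.
    urllib3.contrib.pyopenssl.inject_into_urllib3()

    # NOTE(review): this pool is never used below. tdclient sends its request
    # through its own `self.http` (see tdclient/api.py in the traceback), so the
    # cert_reqs/ca_certs chosen here do not configure that connection.
    http = urllib3.PoolManager(cert_reqs='CERT_REQUIRED', ca_certs=certifi.where())

    key = getKey()
    listTdTables(key)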
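def listTdTables(key):
    """Print ``db_name``, ``table_name`` and ``count`` for every table.

    The listing on the page lost its indentation; the nesting is restored here.

    Args:
        key: API key passed straight to ``tdclient.Client``.
    """
    # The client is used as a context manager, so it is closed on exit even
    # when a request raises (as it does in the traceback on this page).
    with tdclient.Client(key) as client:
        for db in client.databases():
            for table in db.tables():
                print(table.db_name)
                print(table.table_name)
                print(table.count)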
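def getKey():
    """Return the API key given with ``-k`` / ``--key`` on the command line.

    The listing on the page lost its indentation; the function body is
    restored here. argparse exits with a usage error when the option is
    missing, because it is declared ``required=True``.

    Returns:
        The key string exactly as typed on the command line.
    """
    # NOTE(review): a secret passed as a command-line argument is visible to
    # other local users in the process list and can end up in shell history.
    # Prefer an environment variable or a permission-restricted file for
    # anything beyond a throwaway reproduction.
    parser = ArgumentParser()
    parser.add_argument("-k", "--key", dest="key", help="key", required=True)
    options = parser.parse_args()
    return options.key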
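# Run only when executed as a script (indentation restored from the page).
if __name__ == "__main__":
    main()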
次のスタックトレースが出ます:
Traceback (most recent call last):
File "./akamai_pusher.py", line 35, in <module>
main()
File "./akamai_pusher.py", line 18, in main
listTdTables(key)
File "./akamai_pusher.py", line 22, in listTdTables
for db in client.databases():
File "/mnt/home/marc/repos/akamai_pusher/versions/1473977463594675887/venv/local/lib/python2.7/site-packages/tdclient/client.py", line 81, in databases
databases = self.api.list_databases()
File "/mnt/home/marc/repos/akamai_pusher/versions/1473977463594675887/venv/local/lib/python2.7/site-packages/tdclient/database_api.py", line 21, in list_databases
with self.get("/v3/database/list") as res:
File "/mnt/home/marc/repos/akamai_pusher/versions/1473977463594675887/venv/local/lib/python2.7/site-packages/tdclient/api.py", line 174, in get
response = self.send_request("GET", url, fields=params, headers=headers, decode_content=True, preload_content=False)
File "/mnt/home/marc/repos/akamai_pusher/versions/1473977463594675887/venv/local/lib/python2.7/site-packages/tdclient/api.py", line 345, in send_request
return self.http.request(method, url, fields=fields, **kwargs)
File "/mnt/home/marc/repos/akamai_pusher/versions/1473977463594675887/venv/local/lib/python2.7/site-packages/urllib3/request.py", line 66, in request
**urlopen_kw)
File "/mnt/home/marc/repos/akamai_pusher/versions/1473977463594675887/venv/local/lib/python2.7/site-packages/urllib3/request.py", line 87, in request_encode_url
return self.urlopen(method, url, **extra_kw)
File "/mnt/home/marc/repos/akamai_pusher/versions/1473977463594675887/venv/local/lib/python2.7/site-packages/urllib3/poolmanager.py", line 244, in urlopen
response = conn.urlopen(method, u.request_uri, **kw)
File "/mnt/home/marc/repos/akamai_pusher/versions/1473977463594675887/venv/local/lib/python2.7/site-packages/urllib3/connectionpool.py", line 594, in urlopen
chunked=chunked)
File "/mnt/home/marc/repos/akamai_pusher/versions/1473977463594675887/venv/local/lib/python2.7/site-packages/urllib3/connectionpool.py", line 350, in _make_request
self._validate_conn(conn)
File "/mnt/home/marc/repos/akamai_pusher/versions/1473977463594675887/venv/local/lib/python2.7/site-packages/urllib3/connectionpool.py", line 833, in _validate_conn
conn.connect()
File "/mnt/home/marc/repos/akamai_pusher/versions/1473977463594675887/venv/local/lib/python2.7/site-packages/urllib3/connection.py", line 324, in connect
cert = self.sock.getpeercert()
File "/mnt/home/marc/repos/akamai_pusher/versions/1473977463594675887/venv/local/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 312, in getpeercert
'subjectAltName': get_subj_alt_name(x509)
File "/mnt/home/marc/repos/akamai_pusher/versions/1473977463594675887/venv/local/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 185, in get_subj_alt_name
for name in ext.get_values_for_type(x509.DNSName)
File "/mnt/home/marc/repos/akamai_pusher/versions/1473977463594675887/venv/local/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 141, in _dnsname_to_stdlib
name = idna.encode(name)
File "/mnt/home/marc/repos/akamai_pusher/versions/1473977463594675887/venv/local/lib/python2.7/site-packages/idna/core.py", line 355, in encode
result.append(alabel(label))
File "/mnt/home/marc/repos/akamai_pusher/versions/1473977463594675887/venv/local/lib/python2.7/site-packages/idna/core.py", line 276, in alabel
check_label(label)
File "/mnt/home/marc/repos/akamai_pusher/versions/1473977463594675887/venv/local/lib/python2.7/site-packages/idna/core.py", line 253, in check_label
raise InvalidCodepoint('Codepoint {0} at position {1} of {2} not allowed'.format(_unot(cp_value), pos+1, repr(label)))
idna.core.InvalidCodepoint: Codepoint U+002A at position 1 of u'*' not allowed
urllib3/idnaがエラーを起こしているX509証明書の詳細(少し変更したgetpeercertで取得):
**************************************************************************************************
x509
**************************************************************************************************
Extensions:
0: CA:FALSE
1: TLS Web Server Authentication, TLS Web Client Authentication
2: Digital Signature, Key Encipherment
3:
Full Name:
URI:http://crl.godaddy.com/gdig2s1-39.crl
4: Policy: 2.16.840.1.114413.1.7.23.1
CPS: http://certificates.godaddy.com/repository/
5: OCSP - URI:http://ocsp.godaddy.com/
CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt
6: keyid:40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE
7: DNS:*.treasuredata.com, DNS:treasuredata.com
8: DE:83:BE:82:93:41:DD:66:0C:57:2C:31:48:CD:A9:D8:4E:9F:7A:D3
Issuer: <X509Name object '/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2'>
Not After: 20170120100704Z
Not Before: 20140410060603Z
Pubkey:
bits: 2048
type: 6
key: <cryptography.hazmat.backends.openssl.rsa._RSAPublicKey object at 0x7fede525bdd0>
sha1_fingerprint: 8C:55:93:A7:7A:83:D5:51:7F:8F:FB:43:A3:AC:04:31:F5:66:E0:72
sha256_fingerprint: 97:85:1A:38:D0:C4:48:3E:D7:B9:96:C4:BC:94:C6:EC:6F:5A:47:86:7E:78:48:CC:06:B6:AB:29:C4:3F:BE:67
Serial Number: 12259260892195744
Signature Algorith: sha256WithRSAEncryption
Subject: <X509Name object '/OU=Domain Control Validated/CN=*.treasuredata.com'>
Version: 2
Has Expired : False
Subject Name Hash: 28698744
**************************************************************************************************
新しい例(tdclientなし):
まず、依存関係を単純化しました:
setuptools==26.1.1
urllib3[secure]==1.17
そして、下に掲載するコードの出力です(このあと、バージョンをダウングレードする必要があるという提案をこちらで受けました):
*********** https://www.google.com ***********
Traceback (most recent call last):
File "./akamai_pusher.py", line 14, in main
print(http.request('GET', 'https://www.google.com', timeout=4.0))
File "/mnt/home/marc/repos/akamai_pusher/versions/1474000948101039366/venv/local/lib/python2.7/site-packages/urllib3/request.py", line 66, in request
**urlopen_kw)
File "/mnt/home/marc/repos/akamai_pusher/versions/1474000948101039366/venv/local/lib/python2.7/site-packages/urllib3/request.py", line 87, in request_encode_url
return self.urlopen(method, url, **extra_kw)
File "/mnt/home/marc/repos/akamai_pusher/versions/1474000948101039366/venv/local/lib/python2.7/site-packages/urllib3/poolmanager.py", line 244, in urlopen
response = conn.urlopen(method, u.request_uri, **kw)
File "/mnt/home/marc/repos/akamai_pusher/versions/1474000948101039366/venv/local/lib/python2.7/site-packages/urllib3/connectionpool.py", line 624, in urlopen
raise SSLError(e)
SSLError: bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)
**********************************************
コードは次のとおりです:
#!./venv/bin/python
import urllib3.contrib.pyopenssl
import certifi
import urllib3
import sys
import traceback
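def main():
    """Fetch two HTTPS URLs through pyOpenSSL-backed urllib3 and report errors.

    The listing on the page lost its indentation; the try/except/finally
    structure is restored here. Both requests share one ``try``, so a failure
    on the first URL means the second is never attempted (as in the first
    output shown on the page).
    """
    urllib3.contrib.pyopenssl.inject_into_urllib3()

    # Certificate verification stays enabled. The trust store is whatever CA
    # bundle the installed certifi release ships, so pinning an old certifi
    # (the page pins certifi==2015.4.28) also pins an old set of trusted roots.
    # Treat such a pin as a temporary workaround, not a fix.
    http = urllib3.PoolManager(cert_reqs='CERT_REQUIRED', ca_certs=certifi.where())
    try:
        print("*********** https://www.google.com ***********")
        print(http.request('GET', 'https://www.google.com', timeout=4.0))
        print("********** https://www.facebook.com **********")
        print(http.request('GET', 'https://www.facebook.com', timeout=4.0))
        print("**********************************************")
    except Exception:
        # Was a bare ``except:``, which also swallowed KeyboardInterrupt and
        # SystemExit; request and TLS failures are still caught and printed.
        traceback.print_exc(limit=None, file=sys.stderr)
    finally:
        print("**********************************************")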
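# Run only when executed as a script (indentation restored from the page).
if __name__ == "__main__":
    main()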
提案に従ってcertifiを2015.4.28へダウングレードした構成:
setuptools==26.1.1
certifi==2015.4.28
urllib3[secure]==1.17
Googleのリンクではうまくいきました。しかしFacebookのリンクではうまくいかず、td-clientのときと同じ問題になりました(少なくともPython 2.7、urllib3 v1.17の環境で):
*********** https://www.google.com ***********
<urllib3.response.HTTPResponse object at 0x7fc1d8942590>
********** https://www.facebook.com **********
Traceback (most recent call last):
File "./akamai_pusher.py", line 16, in main
print(http.request('GET', 'https://www.facebook.com', timeout=4.0))
File "/mnt/home/marc/repos/akamai_pusher/versions/1474001584864131764/venv/local/lib/python2.7/site-packages/urllib3/request.py", line 66, in request
**urlopen_kw)
File "/mnt/home/marc/repos/akamai_pusher/versions/1474001584864131764/venv/local/lib/python2.7/site-packages/urllib3/request.py", line 87, in request_encode_url
return self.urlopen(method, url, **extra_kw)
File "/mnt/home/marc/repos/akamai_pusher/versions/1474001584864131764/venv/local/lib/python2.7/site-packages/urllib3/poolmanager.py", line 244, in urlopen
response = conn.urlopen(method, u.request_uri, **kw)
File "/mnt/home/marc/repos/akamai_pusher/versions/1474001584864131764/venv/local/lib/python2.7/site-packages/urllib3/connectionpool.py", line 594, in urlopen
chunked=chunked)
File "/mnt/home/marc/repos/akamai_pusher/versions/1474001584864131764/venv/local/lib/python2.7/site-packages/urllib3/connectionpool.py", line 350, in _make_request
self._validate_conn(conn)
File "/mnt/home/marc/repos/akamai_pusher/versions/1474001584864131764/venv/local/lib/python2.7/site-packages/urllib3/connectionpool.py", line 833, in _validate_conn
conn.connect()
File "/mnt/home/marc/repos/akamai_pusher/versions/1474001584864131764/venv/local/lib/python2.7/site-packages/urllib3/connection.py", line 324, in connect
cert = self.sock.getpeercert()
File "/mnt/home/marc/repos/akamai_pusher/versions/1474001584864131764/venv/local/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 312, in getpeercert
'subjectAltName': get_subj_alt_name(x509)
File "/mnt/home/marc/repos/akamai_pusher/versions/1474001584864131764/venv/local/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 185, in get_subj_alt_name
for name in ext.get_values_for_type(x509.DNSName)
File "/mnt/home/marc/repos/akamai_pusher/versions/1474001584864131764/venv/local/lib/python2.7/site-packages/urllib3/contrib/pyopenssl.py", line 141, in _dnsname_to_stdlib
name = idna.encode(name)
File "/mnt/home/marc/repos/akamai_pusher/versions/1474001584864131764/venv/local/lib/python2.7/site-packages/idna/core.py", line 355, in encode
result.append(alabel(label))
File "/mnt/home/marc/repos/akamai_pusher/versions/1474001584864131764/venv/local/lib/python2.7/site-packages/idna/core.py", line 276, in alabel
check_label(label)
File "/mnt/home/marc/repos/akamai_pusher/versions/1474001584864131764/venv/local/lib/python2.7/site-packages/idna/core.py", line 253, in check_label
raise InvalidCodepoint('Codepoint {0} at position {1} of {2} not allowed'.format(_unot(cp_value), pos+1, repr(label)))
InvalidCodepoint: Codepoint U+002A at position 1 of u'*' not allowed
**********************************************
PoolManagerを初期化していますが、どこでも使っていないようです。実際にそのPoolManagerを使っているコードを共有してもらえますか? –
PoolManagerを追加した唯一の理由は、ユーザーガイドでPoolManagerを作成していたからです。実際のところ、私の関心は urllib3.contrib.pyopenssl.inject_into_urllib3() を呼び出してtdclientライブラリにそのurllib3を使わせることだけです。PoolManagerのインスタンス化は、urllib3ライブラリが正しくインストールされていることを示すだけです(と思います)。いずれにせよ、PoolManagerを直接使うテストケースを作成しました。上に投稿します。 –
私は現在、外出中です。issueを作成しました(https://github.com/shazow/urllib3/issues/979)。誰かがこれを修正するか、1.17について助けてくれるかもしれません。 –