Discord.py 无法获得证书

2022-01-15 00:00:00 python discord.py ssl-certificate

问题描述

我是否必须在我的系统中安装/生成/下载新证书,或者我是否有可能以某种方式禁用 python 中的证书?(ubuntu 18,python 3.7,discord.py 最新)

Do I have to install/generate/download new certificate inside my system or is it possible for me somehow to disable certificates inside the python? (ubuntu 18, python 3.7, discord.py latest)

[INFO]  [2019.03.05 - 22:58:02]   Initializing Discord...

SSL handshake failed on verifying the certificate
protocol: <asyncio.sslproto.SSLProtocol object at 0xf4a9f8ec>
transport: <_SelectorSocketTransport fd=12 read=polling write=<idle, bufsize=0>>
Traceback (most recent call last):
  File "./build/Lib/asyncio/sslproto.py", line 625, in _on_handshake_complete
  File "./build/Lib/asyncio/sslproto.py", line 189, in feed_ssldata
  File "./build/Lib/ssl.py", line 763, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1051)

SSL error in data received
protocol: <asyncio.sslproto.SSLProtocol object at 0xf4a9f8ec>
transport: <_SelectorSocketTransport closing fd=12 read=idle write=<idle, bufsize=0>>
Traceback (most recent call last):
  File "./build/Lib/asyncio/sslproto.py", line 526, in data_received
  File "./build/Lib/asyncio/sslproto.py", line 189, in feed_ssldata
  File "./build/Lib/ssl.py", line 763, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1051)

[ERROR] [2019.03.05 - 22:58:02]   
2019.03.05 - 22:58:02:
  Top:  file: [sv_custom.py], method: init()
  Root: file: [connector.py], line 974, cause: in _create_direct_connection [File "./../source/aiohttp.whl/aiohttp/connector.py", line 927, in _wrap_create_connection]
  aiohttp.client_exceptions.ClientConnectorCertificateError:
  Cannot connect to host discordapp.com:443 ssl:True [SSLCertVerificationError: (1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1051)')]

这是通过游戏客户端内部的 python 完成的.如果我从系统的 python (3.6) 中做同样的事情 - 没有错误,连接很好.他们说"这可能是因为游戏客户端没有看到根证书"或类似的东西.

This is done from the python that is inside the game client. If I do the same from the system's python (3.6) - no errors, connection is fine. "They say" it could be because the game client does not see "root certificates" or something like that.

更新:了解如何检查证书.

Update: Found out how to check certificates.

(with ssl error)
Initializing Discord...
DefaultVerifyPaths(cafile=None, capath=None, openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/usr/local/ssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/usr/local/ssl/certs')


(this works fine)
igor@Linbox:~/Downloads$ python3.6 -c "import ssl; print(ssl.get_default_verify_paths())"
DefaultVerifyPaths(cafile=None, capath='/usr/lib/ssl/certs', openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/usr/lib/ssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/usr/lib/ssl/certs')

猜猜我的问题是 capath 是空的.

Guess that is my problem that capath is empty.


解决方案

没想到解决方案看起来很简单:

Unexpectedly the solution appeared quite simple:

ssl.get_default_verify_paths() 用于带有 ssl 错误的 python 指向:openssl_capath='/usr/local/ssl/certs' 而本机"系统中的 python 显示 openssl_capath='/usr/lib/ssl/certs'.

ssl.get_default_verify_paths() for the python with the ssl error was pointing to: openssl_capath='/usr/local/ssl/certs' while the "native" python from the system showed openssl_capath='/usr/lib/ssl/certs'.

DefaultVerifyPaths(
  cafile=None,
  capath=None,
  openssl_cafile_env='SSL_CERT_FILE',
  openssl_cafile='/usr/local/ssl/cert.pem',
  openssl_capath_env='SSL_CERT_DIR',
  openssl_capath='/usr/local/ssl/certs'
)

我已经检查了两个位置:'/usr/local/' - 为空(没有 ssl/certs 文件夹)'/usr/lib/ssl/certs' 有一个指向 '/etc/ssl/certs' 的符号链接所以我做了同样的符号链接:在 '/usr/local/' 里面添加了 '/ssl/' + ln -s '/etc/ssl/certs' 证书

I've checked both locations: '/usr/local/' - was empty (it had no ssl/certs folders) '/usr/lib/ssl/certs' had a symlink to '/etc/ssl/certs' So I made the same symlink: inside '/usr/local/' added '/ssl/' + ln -s '/etc/ssl/certs' certs

然后我再次检查了 ssl.get_default_verify_paths()

DefaultVerifyPaths(
  cafile=None,
  capath='/usr/local/ssl/certs',  <-- not empty now
  openssl_cafile_env='SSL_CERT_FILE',
  openssl_cafile='/usr/local/ssl/cert.pem',
  openssl_capath_env='SSL_CERT_DIR',
  openssl_capath='/usr/local/ssl/certs'
)

问题消失了.它现在正在工作.

The problem disappeared. It is working now.

相关文章