cacerts.txt包含的CA太少。如果将其替换为cacert.pem,则不会出现ssl错误。这是一个测试脚本:
#!/usr/bin/env python3import http.clientimport ssl####context = ssl.create_default_context(cafile='cacerts.txt') # ssl.SSLError####context = ssl.create_default_context(cafile='cacert.pem') # works context = ssl.create_default_context() # works as is on the recent versions#NOTE: ssl.CERT_REQUIRED is set for the default Purpose.SERVER_AUTHh = http.client.HTTPSConnection('api.instagram.com', 443, context=context)h.request('POST', '/oauth/access_token')resp = h.getresponse()print(resp.status, resp.reason) # produce expected 400 http errorprint(resp.headers)print(resp.read())如示例所示,在最新的软件版本上,默认的CA列表可能就足够了。
欢迎分享,转载请注明来源:内存溢出
微信扫一扫
支付宝扫一扫
评论列表(0条)