pyoperalink: certificate verify failed

If you’re trying to use pyoperalink and you’re getting certificate verification errors:

httplib2.SSLHandshakeError: [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

That might be because libhttpd2’s root certificate list is too short (I don’t know why).

Quick solution: Download this cacert.pem and save as Python\Lib\libhttpd2\cacerts.txt or Python\Lib\site-packages\libhttp2\cacerts.txt. You’ll need administrator privileges and make a backup of cacerts.txt beforehand.

Ostensible explanation: Certificates are chained: there’s a handful of root certificates which are used to sign site certificates or second-layer certificates and so on. Open auth.opera.com and study the certificate (in Opera you have to click the green placard in the address bar). At the time of writing the topmost certificate in its chain is “DigiCert High Assurance EV CA-1”.

Open cacerts.txt. This is the root certificates libhttpd2 understands. Search for “DigiCert” or “Digi”: no matches. Thus, libhttpd2 does not trust the “DigiCert High Assurance”. It has to be added to this list. “Quick solution” does this by replacing the file with a longer list of trusted certificates extracted from the list at mozilla.org. You can use any other list in compatible format which contains root certificates you need. (You should study the source before copying it because I may be malevolent or mistaken myself).

Напишите комментарий:

Если хотите, можно залогиниться.

*