https://sourceforge.net/apps/trac/sourceforge/ticket/23285
Hi,
I'm playing with the API2.0 Beta documentation and tried the example Python code. I've registered consumer key and consumer secret as shown in https://sourceforge.net/auth/oauth/.
However, it fails with the following line:
resp, content = client.request(REQUEST_TOKEN_URL, 'GET')
and gives the following error:
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python2.6/site-packages/httplib2/__init__.py", line 1436, in request
    (response, content) = self._request(conn, authority, uri, request_uri, method, body, headers, redirections, cachekey)
  File "/usr/lib/python2.6/site-packages/httplib2/__init__.py", line 1188, in _request
    (response, content) = self._conn_request(conn, request_uri, method, body, headers)
  File "/usr/lib/python2.6/site-packages/httplib2/__init__.py", line 1123, in _conn_request
    conn.connect()
  File "/usr/lib/python2.6/site-packages/httplib2/__init__.py", line 911, in connect
    raise SSLHandshakeError(e)
httplib2.SSLHandshakeError: [Errno 1] _ssl.c:482: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
After searching the Web for a solution, it appeared it is the underlying httplib2 module and the cacerts.txt file. It does not contain the server certificate for GeoTrust, the certificate authority for Sourceforge. See also Script to generate CAs for some background information.
Ok, I've used the solution presented in Issue#170 and replaced the cacerts.txt file. After using the updated file, the above error disappeared. However, the resp["status"] is still 200 as investigated when printing the variable resp:
>>> resp
{'status': '200', 'content-length': '132', 'content-location': u'https://sourceforge.net/rest/oauth/request_token?oauth_body_hash=2jmj7l5rSw0yVb%2FvlWAYkK%2FYBwk%3D&oauth_nonce=14745591&oauth_timestamp=1324236264&oauth_consumer_key=bd382c0faabcfe329da3&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=JAcK46HHRrO0kbcZK7tApRPMHRY%3D', 'set-cookie': '_session_id=578ec1b2bc211431dde798366c9f46478f27a156202f8b8cf05d541254df5438786fd1d5e37b8bd7; Path=/', 'server': 'nginx/0.8.54', 'connection': 'close', 'pragma': 'no-cache', 'cache-control': 'no-cache', 'date': 'Sun, 18 Dec 2011 19:24:24 GMT', 'content-type': 'text/html; charset=utf-8'}
Do you have some recommendations, tips, or anything else to solve this issue?
Thanks!
This is a bit beyond me, thoughts?
A simple (less secure) workaround would be to use http instead of https in the oauth URLs on sourceforge.net
It's not clear to me what the best way to do this is. Another httplib2 issue, specifically for GeoTrust certificates, is http://code.google.com/p/httplib2/issues/detail?id=156. But httplib2 devs don't seem interested in updating it. In the oauth2 package, there is an issue, https://github.com/simplegeo/python-oauth2/pull/97, to work around the httplib2 problem, but that has not been adopted either.
I'm still playing around with it, but I think it should work to
pip install certifi
and then, immediately after constructing an oauth.Client, set
client.ca_certs = certifi.where()
Setting ca_certs to certifi.where() is working well for me. I've updated the API2.0 Beta docs accordingly.
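Added example, not part of the ticket thread or the SourceForge docs: a standard-library check of which CA organizations a bundle trusts, so a "certificate verify failed" error can be traced to a missing root and fixed by switching bundles, with verification left on. The helper names and the two sample bundles are constructed for illustration; certifi is used only if it is installed.

```python
import ssl

def bundle_path():
    """Path of certifi's CA bundle if certifi is installed, else None (system store)."""
    try:
        import certifi
        return certifi.where()
    except ImportError:
        return None

def verifying_context(cafile=None):
    """TLS context that checks the chain and host name against cafile or the system store."""
    ctx = ssl.create_default_context(cafile=cafile)
    # Keep verification on; the fix is a better bundle, not a weaker check.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx

def org_names(ca_certs):
    """Organization names from entries shaped like SSLContext.get_ca_certs()."""
    names = set()
    for cert in ca_certs:
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "organizationName":
                    names.add(value)
    return names

def trusts_ca(ca_certs, needle):
    """True if any trusted root's organization name contains needle (case-insensitive)."""
    needle = needle.lower()
    return any(needle in name.lower() for name in org_names(ca_certs))

# Constructed samples in the get_ca_certs() format (not real certificate data).
SAMPLE_STALE_BUNDLE = [
    {"subject": ((("organizationName", "Example Trust Org"),),
                 (("commonName", "Example Root CA"),))},
]
SAMPLE_UPDATED_BUNDLE = SAMPLE_STALE_BUNDLE + [
    {"subject": ((("countryName", "US"),),
                 (("organizationName", "GeoTrust Inc."),),
                 (("commonName", "GeoTrust Global CA"),))},
]

if __name__ == "__main__":
    roots = verifying_context(bundle_path()).get_ca_certs()
    print(len(roots), "roots loaded; GeoTrust trusted:", trusts_ca(roots, "GeoTrust"))
```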