SSL: 在GAE/Go上出现CERTIFICATE_VERIFY_FAILED错误。

huangapple go评论107阅读模式
英文:

SSL: CERTIFICATE_VERIFY_FAILED on GAE/Go

问题

我正在开发 GAE/Go 应用程序,并尝试从本地开发服务器连接 Google BigQuery。

我的代码如下所示。

import (
  "cloud.google.com/go/bigquery"
  "golang.org/x/net/context"
  "google.golang.org/api/option"
  gaeLog "google.golang.org/appengine/log"
  newappengine "google.golang.org/appengine"
)

func MyFunc(c *gin.Context) {
  r := c.Request
  ctx := newappengine.NewContext(r)
  client, err := bigquery.NewClient(ctx, PROJECT_ID, option.WithServiceAccountFile(SERVICE_ACCOUNT_JSON_FILE_PATH))
  if err != nil {
    (错误处理)
  }

  tableList := client.Dataset(DATASET_ID).Tables(ctx)
  for {
    v, err := tableList.Next()
    if err == iterator.Done {
      break
    } else if err != nil {
      gaeLog.Errorf(ctx, "获取元信息失败:%v", err)
      return
    }
    // 其他操作
  }
}

我使用 goapp.bat serve 命令启动了本地开发服务器。当我发送请求时,出现了错误。

api_dev.go:344: 错误:获取元信息失败:Get https://www.googleapis.com/bigquery/v2/projects/myproject/datasets/mydataset/tables?alt=json&pageToken=: oauth2: 无法获取令牌:Post https://accounts.google.com/o/oauth2/token: API 错误 6 (urlfetch: SSL_CERTIFICATE_ERROR): [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

我搜索了 "CERTIFICATE_VERIFY_FAILED",但我找到的都是 Python 程序。我的应用程序是 GAE/Go 程序。

我该如何避免这个错误?

英文:

I am developing GAE/Go application and trying to connect Google Big Query from local development server.

My code is like this.

import (
  "cloud.google.com/go/bigquery"
  "golang.org/x/net/context"
  "google.golang.org/api/option"
  gaeLog "google.golang.org/appengine/log"
  newappengine "google.golang.org/appengine"
)

func MyFunc(c *gin.Context) {
  r := c.Request
  ctx := newappengine.NewContext(r)
  client, err := bigquery.NewClient(ctx, PROJECT_ID, option.WithServiceAccountFile(SERVICE_ACCOUNT_JSON_FILE_PATH))
  if err != nil {
	  (Error Handling)
  }

  tableList := client.Dataset(DATASET_ID).Tables(ctx)
  for {
	v, err := tableList.Next()
	if err == iterator.Done {
		break
	} else if err != nil {
		gaeLog.Errorf(ctx, "Failed to get meta-info: %v", err)
		return
	}
    :
  }
}

I invoked local development server with goapp.bat serve command.
When I posted a request, I got an error.

api_dev.go:344: ERROR: Failed to get meta-info: Get https://www.googleapis.com/bigquery/v2/projects/myproject/datasets/mydataset/tables?alt=json&pageToken=: oauth2: cannot fetch token: Post https://accounts.google.com/o/oauth2/token: API error 6 (urlfetch: SSL_CERTIFICATE_ERROR): [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)

I googled "CERTIFICATE_VERIFY_FAILED", but all I can find is python program. My application is GAE/Go program.

How can I avoid this error?

答案1

得分: 2

这是因为Google已经更新了他们的服务器证书,但是他们没有通知Go SDK团队,所以Go SDK仍然使用旧的证书。

解决方案似乎相当简单。

  1. 进入google_appengine\lib\cacerts\目录。
  2. cacerts.txt重命名为cacerts.txt.old,将urlfetch_cacerts.txt重命名为urlfetch_cacerts.txt.old
  3. 下载Python Linux SDK 1.9.52
  4. 在这个Python SDK中,也有一个google_appengine\lib\cacerts\目录,里面有这两个证书文件。将它们复制到你的Go SDK中。
  5. 庆祝吧!你现在拥有更新的证书。
英文:

This is because Google has updated their server certificates but have not notified the Go SDK team of this, which still has the old certs.

The solution seems fairly simple.

  1. Go to google_appengine\lib\cacerts\
  2. Rename cacerts.txt to cacerts.txt.old, and urlfetch_cacerts.txt to urlfetch_cacerts.txt.old
  3. Download the Python Linux SDK 1.9.52.
  4. In this Python SDK there's also google_appengine\lib\cacerts\ directory with those two cert files. Copy them over to your Go SDK.
  5. Rejoice! You now have newer certs.

huangapple
  • 本文由 发表于 2017年4月3日 12:46:17
  • 转载请务必保留本文链接:https://go.coder-hub.com/43176652.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定