禁用 errbot 证书验证
Disable errbot cert verification
由于 ssl 证书无效,我很难尝试将 errbot 连接到开发 HipChat 服务器。
日志:
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: ssl_cert
21:16:01 ERROR sleekxmpp.xmlstream.xmlst Could not match certficate against hostname: chat.btf.hipchat.com
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: session_end
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: disconnected
21:16:01 INFO errbot.core Disconnect callback, deactivating all the plugins.
21:16:01 DEBUG sleekxmpp.thirdparty.stat ==== TRANSITION connected -> disconnected
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst SEND (IMMED): <stream:stream to='chat.btf.hipchat.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 WARNING sleekxmpp.xmlstream.xmlst Failed to send b"<stream:stream to='chat.btf.hipchat.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>"
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: session_end
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: disconnected
21:16:01 INFO errbot.core Disconnect callback, deactivating all the plugins.
21:16:01 DEBUG sleekxmpp.thirdparty.stat ==== TRANSITION connected -> disconnected
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 ERROR sleekxmpp.xmlstream.xmlst Socket Error #9: Bad file descriptor
即使我在 BOT_IDENTITY 中指定了“'verify': False”并且在配置中指定了 XMPP_CA_CERT_FILE = None,Errbot 仍保留验证证书。
部分配置:
BOT_IDENTITY = {
## HipChat mode (Comment the above if using this mode)
'username' : '1_2@chat.btf.hipchat.com',
'password' : '123qweASD',
## Group admins can create/view tokens on the settings page after logging
## in on HipChat's website
'token' : 'sometoken',
## If you're using HipChat server (self-hosted HipChat) then you should set
## the endpoint below. If you don't use HipChat server but use the hosted version
## of HipChat then you may leave this commented out.
'endpoint' : 'hipchat.test.intra',
'verify': False,
}
XMPP_CA_CERT_FILE = None
非常感谢任何让它发挥作用的想法。
此错误的来源发生在 verify 函数中,该函数验证证书在主机名和有效期方面是否有效。
在 errbot 的配置中设置的 XMPP_CA_CERT_FILE 的值最终会传递给 XMLStream class 中的 ca_certs,用于影响 cert_policy。这设置了 ssl.CERT_NONE 但即便如此,它 still calls verify.
这意味着目前您可以拥有一个(可能 self-signed)没有有效信任根的证书,但您仍然必须确保您要连接的主机名与证书的主机名 (CN) 相匹配. (这是 SleekXMPP,errbot 使用的底层 XMPP 库强加给我们的东西,而不是直接来自 errbot 本身的东西)。
由于 ssl 证书无效,我很难尝试将 errbot 连接到开发 HipChat 服务器。
日志:
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: ssl_cert
21:16:01 ERROR sleekxmpp.xmlstream.xmlst Could not match certficate against hostname: chat.btf.hipchat.com
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: session_end
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: disconnected
21:16:01 INFO errbot.core Disconnect callback, deactivating all the plugins.
21:16:01 DEBUG sleekxmpp.thirdparty.stat ==== TRANSITION connected -> disconnected
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst SEND (IMMED): <stream:stream to='chat.btf.hipchat.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 WARNING sleekxmpp.xmlstream.xmlst Failed to send b"<stream:stream to='chat.btf.hipchat.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>"
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: session_end
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: disconnected
21:16:01 INFO errbot.core Disconnect callback, deactivating all the plugins.
21:16:01 DEBUG sleekxmpp.thirdparty.stat ==== TRANSITION connected -> disconnected
21:16:01 DEBUG sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 ERROR sleekxmpp.xmlstream.xmlst Socket Error #9: Bad file descriptor
即使我在 BOT_IDENTITY 中指定了“'verify': False”并且在配置中指定了 XMPP_CA_CERT_FILE = None,Errbot 仍保留验证证书。
部分配置:
BOT_IDENTITY = {
## HipChat mode (Comment the above if using this mode)
'username' : '1_2@chat.btf.hipchat.com',
'password' : '123qweASD',
## Group admins can create/view tokens on the settings page after logging
## in on HipChat's website
'token' : 'sometoken',
## If you're using HipChat server (self-hosted HipChat) then you should set
## the endpoint below. If you don't use HipChat server but use the hosted version
## of HipChat then you may leave this commented out.
'endpoint' : 'hipchat.test.intra',
'verify': False,
}
XMPP_CA_CERT_FILE = None
非常感谢任何让它发挥作用的想法。
此错误的来源发生在 verify 函数中,该函数验证证书在主机名和有效期方面是否有效。
在 errbot 的配置中设置的 XMPP_CA_CERT_FILE 的值最终会传递给 XMLStream class 中的 ca_certs,用于影响 cert_policy。这设置了 ssl.CERT_NONE 但即便如此,它 still calls verify.
这意味着目前您可以拥有一个(可能 self-signed)没有有效信任根的证书,但您仍然必须确保您要连接的主机名与证书的主机名 (CN) 相匹配. (这是 SleekXMPP,errbot 使用的底层 XMPP 库强加给我们的东西,而不是直接来自 errbot 本身的东西)。