问题描述

我有这个小的Dockerfile

I have this small Dockerfile

FROM alpine:3.3
RUN apk --update add python
CMD ["python", "-c", "import urllib2; response = urllib2.urlopen('https://www.python.org')"]

用 docker build -t alpine-py / 01建造它。然后用<$ c $运行它c> docker run -it --rm alpine-py / 01 创建以下输出

Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/usr/lib/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
  File "/usr/lib/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/usr/lib/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/usr/lib/python2.7/urllib2.py", line 1240, in https_open
    context=self._context)
  File "/usr/lib/python2.7/urllib2.py", line 1197, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>

昨天我被最近的OpenSSL 1.0.2g版本咬伤了，这导致了 py-cryptograpy 无法编译。幸运的是，几个小时后，来自 py-cryptography 的家伙在PyPI上发布了新版本。问题是OpenSSL中的函数获得了新的签名。

Yesterday I got bitten by the recent OpenSSL 1.0.2g release, which caused py-cryptograpy to not compile. Luckily the guys from py-cryptography released a new version on PyPI a couple of hours later. The issue was that a function in OpenSSL got a new signature.

这可能相关还是我遗漏了什么？

Could this be related or am I missing something?

推荐答案

您需要安装ca证书才能通过公共CA验证签名证书：

You need to install ca-certificates to be able to validate signed certs by public CAs:

FROM alpine:3.3
RUN apk --no-cache add python ca-certificates
CMD ["python", "-c", "import urllib2; response = urllib2.urlopen('https://www.python.org')"]

这篇关于导致SSL的Alpine 3.3，Python 2.7.11，urllib2：CERTIFICATE_VERIFY_FAILED的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！