调试Twill异常错误

Question

我一直无法转到URL usign twill，也找不到进一步调试这个问题的方法。我已经在twill中启用了"http“、”equiv refresh“和"commands”的调试级别，但twill仍然没有给出任何有关该错误的详细信息。以下是twill-sh的输出：

    $ twill-sh

     -= Welcome to twill! =-

    current page:  *empty page*
    >> debug equiv-refresh 1
    DEBUG: setting equiv-refresh debugging to level 1
    current page:  *empty page*
    >> debug http 1
    DEBUG: setting http debugging to level 1
    current page:  *empty page*
    >> debug commands 1
    DEBUG: setting commands debugging to level 1
    current page:  *empty page*
    >> go https://auth.nbnco.net.au/okta/login

    ERROR: cannot go to 'https://auth.nbnco.net.au/okta/login'

    current page:  *empty page*

下面是python脚本的输出：

    $ ./test.py
    Traceback (most recent call last):
      File "./test.py", line 13, in <module>
        go("https://auth.nbnco.net.au/okta/login")
      File "/usr/lib/python2.7/site-packages/twill/commands.py", line 109, in go
        browser.go(url)
      File "/usr/lib/python2.7/site-packages/twill/browser.py", line 91, in go
        raise TwillException("cannot go to '%s'" % (url,))
    twill.errors.TwillException: cannot go to 'https://auth.nbnco.net.au/okta/login'

Answer 1

猜测: Twill不会加载页面，因为验证页面的SSL证书时出现问题。

尝试使用urllib2.urlopen获取页面失败，错误如下：

>>> urllib2.urlopen('https://auth.nbnco.net.au/okta/login')
Traceback (most recent call last):
...                                                                                                       
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:661)>   

使用curl获取页面会产生以下输出：

$  curl https://auth.nbnco.net.au/okta/login > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

这个页面在Firefox和Chromium中加载时没有错误，所以浏览器的证书处理对证书的处理是不同的。

sites SSL证书由赛门铁克颁发。这一行为可能与赛门铁克过去的证书颁发问题有关，这导致Chrome和Mozilla宣布他们将进行distrust SSL certificates from Symantec in 2018。

我不认为在Twill中你可以做任何事情来解决这个问题。