禁用errbot证书验证

Question

由于ssl证书无效，我很难尝试将errbot连接到dev HipChat服务器。

日志：

21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: ssl_cert
21:16:01 ERROR    sleekxmpp.xmlstream.xmlst Could not match certficate against hostname: chat.btf.hipchat.com
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: session_end
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: disconnected
21:16:01 INFO     errbot.core               Disconnect callback, deactivating all the plugins.
21:16:01 DEBUG    sleekxmpp.thirdparty.stat  ==== TRANSITION connected -> disconnected
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst SEND (IMMED): <stream:stream to='chat.btf.hipchat.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 WARNING  sleekxmpp.xmlstream.xmlst Failed to send b"<stream:stream to='chat.btf.hipchat.com' xmlns:stream='http://etherx.jabber.org/streams' xmlns='jabber:client' xml:lang='en' version='1.0'>"
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: session_end
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: disconnected
21:16:01 INFO     errbot.core               Disconnect callback, deactivating all the plugins.
21:16:01 DEBUG    sleekxmpp.thirdparty.stat  ==== TRANSITION connected -> disconnected
21:16:01 DEBUG    sleekxmpp.xmlstream.xmlst Event triggered: socket_error
21:16:01 ERROR    sleekxmpp.xmlstream.xmlst Socket Error #9: Bad file descriptor

Errbot在BOT_IDENTITY中指定了“验证”：False，并且在配置中指定了XMPP_CA_CERT_FILE = None，但Errbot仍然保留了verify。

配置的一部分：

BOT_IDENTITY = {
    ## HipChat mode (Comment the above if using this mode)
    'username' : '1_2@chat.btf.hipchat.com',
    'password' : '123qweASD',
    ## Group admins can create/view tokens on the settings page after logging
    ## in on HipChat's website
    'token'    : 'sometoken',
    ## If you're using HipChat server (self-hosted HipChat) then you should set
    ## the endpoint below. If you don't use HipChat server but use the hosted version
    ## of HipChat then you may leave this commented out.
    'endpoint' : 'hipchat.test.intra',
    'verify': False,
}
XMPP_CA_CERT_FILE = None

任何如何使它工作的想法都是值得赞赏的。

Answer 1

此错误的源发生在验证函数中，该函数验证证书在主机名和有效日期方面是有效的。

errbot的配置中的XMPP_CA_CERT_FILE集的值最终被传递给XMLStream类中的ca_certs，在那里它被用来影响cert_policy。这设置了ssl.CERT_NONE，但即便如此，它仍然是仍打电话核实。

这意味着目前您可以拥有一个(可能是自签名的)证书，而不需要有效的信任根，但是您仍然必须确保连接到的主机名与证书的主机名(CN)匹配。(这是由errbot使用的底层XMPP库SleekXMPP强加给我们的东西，而不是从errbot本身直接得到的东西)。