1

我们拥有自己的公司范围内的证书颁发机构,用于签署 SSL 证书。大多数情况下,只要您的操作系统(在我们的例子中是 CentOS 7)注册该权限,它就可以正常工作。它存储在这里:

/etc/pki/ca-trust/source/anchors/company_ca.pem

这允许 Firefox/chrome 信任通过它签名的 SSL 证书。

sphinx-build -W -blinkcheck […]用来检查我的 Python 项目中的链接是否仍然有效,因为链接腐烂在文档中很糟糕。这适用于所有外部链接。

但是,当链接到我们自己的 SSL 版本的 mantis(一个错误跟踪器)时,我得到一个

SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),)))

错误。在我们的设置中,Mantis 仅在 https 上运行。

我如何告诉 sphinx 添加公司范围的权限?

我通常通过 tox 运行它,如下所示:

运行这个的毒物片段:

[testenv:docs]
basepython=python2.7
deps=-r{toxinidir}/requirements/requirements.txt
commands=./check_docs.bash

bash 脚本:

#!/bin/bash
set -eux
sphinx-apidoc --force --separate --private --module-first -o docs src/ '*/*test*'
cd docs
pytest --maxfail=1 \
    --tb=line \
    -v \
    --junitxml=junit_sphinx.xml \
    --exitfirst \
    --failed-first \
    --full-trace \
    -ra \
    --capture=no \
    check_sphinx.py

和蟒蛇脚本:

import subprocess


def test_linkcheck(tmpdir):
    doctrees = tmpdir.join("doctrees")
    htmldir = tmpdir.join("html")
    subprocess.check_call([
        "sphinx-build", "-W", "-blinkcheck", "-d",
        str(doctrees), ".",
        str(htmldir)
    ])


def test_build_docs(tmpdir):
    doctrees = tmpdir.join("doctrees")
    htmldir = tmpdir.join("html")
    subprocess.check_call([
        "sphinx-build", "-W", "-bhtml", "-d",
        str(doctrees), ".",
        str(htmldir)
    ])
4

1 回答 1

0

Sphinx 使用requestswhich uses certifi-- 感谢sraw在评论中指出这一点。您可以修改certifi.where()以包含您自己的证书颁发机构。

因为您可能会运行 tox 或重新构建您的虚拟环境,所以手动执行此操作既乏味又容易出错。夹具使这更容易处理。

Python 脚本更改为以下内容。

# -*- coding: utf-8 -*-
import subprocess
import certifi
import requests
import pytest

CA = '/etc/pki/ca-trust/source/anchors/company_ca.pem'


@pytest.fixture
def certificate_authority(scope="module"):
    try:
        # Checking connection to Mantis…
        requests.get('https://mantisbt.example.com')
        # Connection to Mantis OK, thus CA should work fine.
    except requests.exceptions.SSLError:
        # SSL Error. Adding custom certs to Certifi store…
        cafile = certifi.where()
        with open(CA, 'rb') as infile:
            customca = infile.read()
        with open(cafile, 'ab') as outfile:
            outfile.write(customca)
        # That might have worked.


def test_linkcheck(certificate_authority, tmpdir):
    doctrees = tmpdir.join("doctrees")
    htmldir = tmpdir.join("html")
    subprocess.check_call([
        "sphinx-build", "-W", "-blinkcheck", "-d",
        str(doctrees), ".",
        str(htmldir)
    ])


def test_build_docs(certificate_authority, tmpdir):
    doctrees = tmpdir.join("doctrees")
    htmldir = tmpdir.join("html")
    subprocess.check_call([
        "sphinx-build", "-W", "-bhtml", "-d",
        str(doctrees), ".",
        str(htmldir)
    ])
于 2018-06-01T11:33:59.303 回答