Python httplib2 SSL error

Disclaimer: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/13707606/

Time: 2020-08-18 09:25:43  Source: igfitidea

Httplib2 ssl error

python foursquare httplib2

Asked by user1876339

Today I faced one interesting issue.

I'm using the foursquare recommended python library httplib2 raise

SSLHandshakeError(SSLError(1, '_ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed'),) 

while trying to request an oauth token

response, body = h.request(url, method, headers=headers, body=data)

in

_process_request_with_httplib2 function

does anyone know why this happens?

Accepted answer by BorrajaX

If you know that the site you're trying to get is a "good guy", you can try creating your "opener" like this:

import httplib2
if __name__ == "__main__":
    h = httplib2.Http(".cache", disable_ssl_certificate_validation=True)
    resp, content = h.request("https://site/whose/certificate/is/bad/", "GET")

(the interesting part is disable_ssl_certificate_validation=True)

From the docs: http://bitworking.org/projects/httplib2/doc/html/libhttplib2.html#httplib2.Http

EDIT 01:

Since your question was actually why does this happen, you can check this or this.

EDIT 02:

Seeing how this answer has been visited by more people than I expected, I'd like to explain a bit when disabling certificate validation could be useful.

First, a bit of light background on how these certificates work. There's quite a lot of information in the links provided above, but here it goes, anyway.

The SSL certificates need to be verified by a well known (at least, well known to your browser) Certificate Authority. You usually buy the whole certificate from one of those authorities (Symantec, GoDaddy...)

Broadly speaking, the idea is: Those Certificate Authorities (CA) give you a certificate that also contains the CA information in it. Your browsers have a list of well known CAs, so when your browser receives a certificate, it will do something like: "HmmmMMMmmm.... [the browser makes a suspicious face here] ... I received a certificate, and it says it's verified by Symantec. Do I know that "Symantec" guy? [the browser then goes to its list of well known CAs and checks for Symantec] Oh, yeah! I do. Ok, the certificate is good!"

You can see that information yourself if you click on the little lock by the URL in your browser:

Chrome certificate information

However, there are cases in which you just want to test the HTTPS, and you create your own Certificate Authority using a couple of command line tools and you use that "custom" CA to sign a "custom" certificate that you just generated as well, right? In that case, your browser (which, by the way, in the question is httplib2.Http) is not going to have your "custom" CA among the list of trusted CAs, so it's going to say that the certificate is invalid. The information is still going to travel encrypted, but what the browser is telling you is that it doesn't fully trust that it is traveling encrypted to the place you are supposing it's going.

For instance, let's say you created a set of custom keys and CAs and all the mambo-jumbo following this tutorial for your localhost FQDN and that your CA certificate file is located in the current directory. You could very well have a server running on https://localhost:4443 using your custom certificates and whatnot. Now, your CA certificate file is located in the current directory, in the file ./ca.crt (in the same directory your Python script is going to be running in). You could use httplib2 like this:

import httplib2

# Trust only the custom CA in ./ca.crt when verifying the server certificate
h = httplib2.Http(ca_certs='./ca.crt')
response, body = h.request('https://localhost:4443')
print(response)
print(body)

... and you wouldn't see the warning anymore. Why? Because you told httplib2 to go look for the CA's certificate to ./ca.crt

However, since Chrome (to cite a browser) doesn't know about this CA's certificate, it will consider it invalid:

Also, certificates expire. There's a chance you are working in a company which uses an internal site with SSL encryption. It works ok for a year, and then your browser starts complaining. You go to the person that is in charge of the security, and ask "Yo!! I get this warning here! What's happening?" And the answer could very well be "Oh boy!! I forgot to renew the certificate! It's ok, just accept it from now, until I fix that." (true story, although there were swearwords in the answer I received :-D)
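
A check for where the flag from this answer is still set in a code base, as an added example that is not part of the original answer. The function names and the sample source are constructed for illustration; only the flag name and the httplib2 calls come from this page.

```python
import ast

# Added example: the flag name comes from the answer above; the function
# names and SAMPLE are constructed for illustration.
FLAG = "disable_ssl_certificate_validation"

# Constructed sample input (parsed only, never executed).
SAMPLE = '''\
import httplib2
h1 = httplib2.Http(".cache", disable_ssl_certificate_validation=True)
h2 = httplib2.Http(ca_certs="./ca.crt")
h3 = httplib2.Http(disable_ssl_certificate_validation=False)
h4 = httplib2.Http(disable_ssl_certificate_validation=INSECURE)
conn = httplib2.HTTPSConnectionWithTimeout("localhost", ca_certs="./ca.crt")
'''

def _dotted(node):
    """Render a call target such as httplib2.Http as a dotted name."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))

def find_disabled_validation(source, filename="<constructed>"):
    """Return sorted (line, callee, verdict) for every call that passes FLAG."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg != FLAG:
                continue
            if isinstance(kw.value, ast.Constant):
                if not kw.value.value:
                    continue  # explicit falsy literal: validation stays on
                verdict = "disabled"
            else:
                verdict = "dynamic"  # value only known at runtime, review by hand
            findings.append((node.lineno, _dotted(node.func), verdict))
    return sorted(findings)

if __name__ == "__main__":
    for line, callee, verdict in find_disabled_validation(SAMPLE):
        print(f"line {line}: {callee}(... {FLAG}=...) is {verdict}")
```

For each reported call, the narrower alternative shown in the answer is to pass ca_certs with the path to the CA certificate file.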

Answer by Jay Kumar

Recent versions of httplib2 are defaulting to their own certificate store.

import os

# Default CA certificates file bundled with httplib2.
CA_CERTS = os.path.join(
    os.path.dirname(os.path.abspath(__file__)), "cacerts.txt")

In case you're using Ubuntu/Debian, you can explicitly pass the path to the system certificate file like

httplib2.HTTPSConnectionWithTimeout(HOST, ca_certs="/etc/ssl/certs/ca-certificates.crt")

Answer by Lucas Mendes Mota Da Fonseca

Maybe this could be the case: I got the same problem and debugging the Google Lib I found out that the reason was that I was using an older version of httplib2 (0.9.2). When I updated to the most recent (0.14.0) it worked.

If you have already installed the most recent, make sure that some lib is not installing an older version of httplib2 inside its dependencies.
