<p>也许我只是部分地回答了你的问题。您最大的担心似乎是您获取密钥的通道的安全性。您没有显示您如何获取该密钥的任何代码,但您说您通过HTTPS检索它,现在您希望通过证书验证来验证此连接的真实性。在</p>
<p>使用成熟的第三方web客户机框架<a href="http://docs.python-requests.org" rel="nofollow">requests</a>,您可以轻松地做到这一点。在</p>
<p>引自<a href="http://docs.python-requests.org/en/latest/user/advanced/" rel="nofollow">the docs</a>:</p>
<blockquote>
<p>Requests can verify SSL certificates for HTTPS requests, just like a
web browser. To check a host’s SSL certificate, you can use the verify
argument:</p>
</blockquote>
<pre><code>requests.get(url, verify=True)
</code></pre>
<p>同时:</p>
<blockquote>
<p>You can pass verify the path to a CA_BUNDLE file with certificates of
trusted CAs.</p>
</blockquote>
<p>后者可能看起来像</p>
^{pr2}$
<p>如果您真的想控制(并降低复杂性),那么从<a href="http://www.symantec.com/page.jsp?id=roots" rel="nofollow">http://www.symantec.com/page.jsp?id=roots</a>加载正确的文件并采用<code>verify='/path/to/cert.pem'</code>方法。我想你需要<a href="http://www.symantec.com/content/en/us/enterprise/verisign/roots/Class-3-Public-Primary-Certification-Authority-G2.pem" rel="nofollow">http://www.symantec.com/content/en/us/enterprise/verisign/roots/Class-3-Public-Primary-Certification-Authority-G2.pem</a></p>