ssl-certificate verify显然可以与ssl客户机一起使用,但不能与urllib3一起使用

2024-09-28 05:20:25 发布

您现在位置:Python中文网/ 问答频道 /正文
3136 3

我有一个和讨论过的非常相似的问题here

我使用的是python3.4和urllib3库。在

当我测试下面的代码时,我得到:

Traceback (most recent call last):
File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 345, in _make_request
    self._validate_conn(conn)
  File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 844, in _validate_conn
    conn.connect()
  File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/packages/urllib3/connection.py", line 326, in connect
    ssl_context=context)
  File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/packages/urllib3/util/ssl_.py", line 324, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.4/ssl.py", line 364, in wrap_socket
    _context=self)
  File "/usr/lib/python3.4/ssl.py", line 578, in __init__
    self.do_handshake()
  File "/usr/lib/python3.4/ssl.py", line 805, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/adapters.py", line 423, in send
    timeout=timeout
  File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 630, in urlopen
    raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/julimatt/workspace2/zibawa/stack_configs/tests.py", line 44, in test_bind_grafana
    result=getFromGrafanaApi(apiurl, data,'GET')
  File "/home/julimatt/workspace2/zibawa/stack_configs/models.py", line 317, in getFromGrafanaApi
    verify=ca_certs,
  File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/sessions.py", line 609, in send
    r = adapter.send(request, **kwargs)
  File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/adapters.py", line 497, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)

我的代码是:

^{pr2}$

如果我在请求中使用'verify=False'测试代码,那么它可以正常工作,但显然这不是一个安全的解决方案。在

我尝试使用以下方法从同一台机器上的终端测试ssl连接:

openssl s_client -connect myserver.com:3000 -CAfile /path/to/letsencypt/fullchain.pem

然后我成功地握手了。在

所以我不明白为什么我会犯这个错误。在

提前感谢您能提供的任何帮助。在


Tags: inpysslhomelibpackageslinesite
1条回答
网友
1楼 · 发布于 2024-09-28 05:20:25

我不知道要使用哪个根证书,而是使用中间证书。在

解决方案:

在letsencrypt社区的帮助下,我从https://www.identrust.com/certificates/trustid/root-download-x3.html复制了DST根cax3。我还必须将“-BEGIN CERTIFICATE-”和“-END CERTIFICATE-”添加到我的文件中。然后保存这个文件,当从python调用api时,我可以设置“ca_certs”指向这个文件,“verify_certs”现在可以工作了。在

相关问题 更多 >

    编程相关推荐

    热门问题