Python 请求抛出 SSLError [英] Python Requests throwing SSLError
问题描述
我正在编写一个简单的脚本,涉及 CAS、jspring 安全检查、重定向等.我想使用 Kenneth Reitz 的 python 请求,因为它是一项很棒的工作!但是,CAS 需要通过 SSL 进行验证,所以我必须先通过这一步.我不知道 Python 请求想要什么?这个 SSL 证书应该存放在哪里?
I'm working on a simple script that involves CAS, jspring security check, redirection, etc. I would like to use Kenneth Reitz's python requests because it's a great piece of work! However, CAS requires getting validated via SSL so I have to get past that step first. I don't know what Python requests is wanting? Where is this SSL certificate supposed to reside?
Traceback (most recent call last):
File "./test.py", line 24, in <module>
response = requests.get(url1, headers=headers)
File "build/bdist.linux-x86_64/egg/requests/api.py", line 52, in get
File "build/bdist.linux-x86_64/egg/requests/api.py", line 40, in request
File "build/bdist.linux-x86_64/egg/requests/sessions.py", line 209, in request
File "build/bdist.linux-x86_64/egg/requests/models.py", line 624, in send
File "build/bdist.linux-x86_64/egg/requests/models.py", line 300, in _build_response
File "build/bdist.linux-x86_64/egg/requests/models.py", line 611, in send
requests.exceptions.SSLError: [Errno 1] _ssl.c:503: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
推荐答案
您遇到的问题是由不受信任的 SSL 证书引起的.
The problem you are having is caused by an untrusted SSL certificate.
就像之前评论中提到的@dirk 一样,最快 修复是设置 verify=False:
Like @dirk mentioned in a previous comment, the quickest fix is setting verify=False:
requests.get('https://example.com', verify=False)
请注意,这将导致无法验证证书.这会使您的应用面临安全风险,例如中间人攻击.
Please note that this will cause the certificate not to be verified. This will expose your application to security risks, such as man-in-the-middle attacks.
当然,应用判断.正如评论中提到的,这可能对于快速/一次性应用程序/脚本来说是可以接受的,但真的不应该用于生产软件.
Of course, apply judgment. As mentioned in the comments, this may be acceptable for quick/throwaway applications/scripts, but really should not go to production software.
如果在您的特定上下文中不接受仅跳过证书检查,请考虑以下选项,您最好的选择是将 verify 参数设置为作为 路径的字符串.pem 证书文件(您应该通过某种安全方式获取).
If just skipping the certificate check is not acceptable in your particular context, consider the following options, your best option is to set the verify parameter to a string that is the path of the .pem file of the certificate (which you should obtain by some sort of secure means).
因此,从 2.0 版本开始,verify 参数接受以下值及其各自的语义:
So, as of version 2.0, the verify parameter accepts the following values, with their respective semantics:
True:使证书根据库自己受信任的证书颁发机构进行验证(注意:您可以通过 Certifi 库查看请求使用哪些根证书,该库是从请求中提取的 RC 的信任数据库:Certifi - 人类信任数据库).False:完全绕过证书验证.- 请求用于验证证书的 CA_BUNDLE 文件的路径.
True: causes the certificate to validated against the library's own trusted certificate authorities (Note: you can see which Root Certificates Requests uses via the Certifi library, a trust database of RCs extracted from Requests: Certifi - Trust Database for Humans).False: bypasses certificate validation completely.- Path to a CA_BUNDLE file for Requests to use to validate the certificates.
另请查看同一链接上的 cert 参数.
Also take a look at the cert parameter on the same link.
这篇关于Python 请求抛出 SSLError的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
