Python请求模块中的SSLError [英] SSLError in Python requests module

问题描述

我想使用从服务器生成的证书从我的客户端向服务器进行身份验证.我有一个 server-ca.crt，下面是正在运行的 CURL 命令.如何使用 python requests 模块发送类似的请求.

I would like to authenticate to server from my client using certificate that is generated from server.I have a server-ca.crt and below is the CURL command that is working.How to send similar request using python requests module .

$ curl -X GET -u sat_username:sat_password \
-H "Accept:application/json" --cacert katello-server-ca.crt \
https://satellite6.example.com/katello/api/organizations

我尝试了以下方法，但出现了一些异常，有人可以帮助解决此问题.

I have tried following way and it is getting some exception, can someone help in resolving this issue.

 python requestsCert.py
Traceback (most recent call last):
  File "requestsCert.py", line 2, in <module>
    res=requests.get('https://satellite6.example.com/katello/api/organizations', cert='/certificateTests/katello-server-ca.crt', verify=True)
  File "/usr/lib/python2.7/site-packages/requests/api.py", line 68, in get
    return request('get', url, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/api.py", line 50, in request
    response = session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 464, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 431, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL] PEM lib (_ssl.c:2554)

推荐答案

res=requests.get('https://...', cert='/certificateTests/katello-server-ca.crt', verify=True)

requests.get 中的 cert 参数用于指定用于相互认证的客户端证书和密钥.它不像 curl 中的 --cacert 参数那样用于指定受信任的 CA.相反，您应该使用 verify 参数:

The cert argument in requests.get is used to specify the client certificate and key which should be used for mutual authentication. It is not used to specify the trusted CA as the --cacert argument in curl does. Instead you should use the verify argument:

res=requests.get('https://...', verify='/certificateTests/katello-server-ca.crt')

有关更多信息，请参阅SSL 证书验证 和 客户端证书在 requests 的文档中.

For more information see SSL Cert Verification and Client Side Certificates in the documentation for requests.

这篇关于Python请求模块中的SSLError的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！