SSL bad Handshake Error 10054 "WSAECONNRESET"


Problem description


Notes:

versions

Python 2.7.11 and my requests version is '2.10.0'
'OpenSSL 1.0.2d 9 Jul 2015'
Please read the below comment by Martijn Pieters before reproducing 

Initially I tried to get pdf from https://www.neco.navy.mil/necoattach/N6945016R0626_2016-06-20__INFO_NAS_Pensacola_Base_Access.docx using code as below

code1:

>>> import requests
>>> requests.get("https://www.neco.navy.mil/necoattach/N6945016R0626_2016-06-20__INFO_NAS_Pensacola_Base_Access.docx",verify=False)

Error:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packages\requests\api.py", line 67, in get
    return request('get', url, params=params, **kwargs)
  File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packages\requests\api.py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packages\requests\sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packages\requests\sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packages\requests\adapters.py", line 447, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: SysCallError(10054, 'WSAECONNRESET')",)

After googling and searching I found that you have to use SSL verification and that using a session with adapters can solve the problem. But I still got errors; please find the code and errors below.

Code2:

import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager
import ssl
import traceback

class MyAdapter(HTTPAdapter):
    def init_poolmanager(self, connections, maxsize, block=False):
        self.poolmanager = PoolManager(num_pools=connections,
                                       maxsize=maxsize,
                                       block=block,
                                       ssl_version=ssl.PROTOCOL_TLSv1)


s = requests.Session()
s.mount('https://', MyAdapter())
print "Mounted    "
r = s.get("https://www.neco.navy.mil/necoattach/N6945016R0626_2016-06-20__INFO_NAS_Pensacola_Base_Access.docx", stream=True, timeout=120)

Error:

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packages\requests\sessions.py", line 480, in get
    return self.request('GET', url, **kwargs)
  File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packages\requests\sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packages\requests\sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packages\requests\adapters.py", line 447, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: SysCallError(10054, 'WSAECONNRESET')",)

Solution

First of all, I confirm that the host, www.neco.navy.mil, is not accessible from everywhere. From some networks (geography) it works*, from others the connection just hangs:

$ curl www.neco.navy.mil
curl: (7) couldn't connect to host
$ curl https://www.neco.navy.mil
curl: (7) couldn't connect to host

Second, when a connection can be established there is a certificate problem:

$ curl -v https://www.neco.navy.mil
* Rebuilt URL to: https://www.neco.navy.mil/
* Hostname was NOT found in DNS cache
*   Trying 205.85.2.133...
* Connected to www.neco.navy.mil (205.85.2.133) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a "bundle"
 of Certificate Authority (CA) public keys (CA certs). If the default
 bundle file isn't adequate, you can specify an alternate file
 using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
 the bundle, the certificate verification probably failed due to a
 problem with the certificate (it might be expired, or the name might
 not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
 the -k (or --insecure) option.

To make sure, you just feed it to Qualys SSL tester:

The CA (DoD Root CA 2) is not trusted. Moreover, it's not in the chain. Note that the OpenSSL validation process needs the whole chain:

Firstly a certificate chain is built up starting from the supplied certificate and ending in the root CA. It is an error if the whole chain cannot be built up.

But there's only www.neco.navy.mil -> DODCA-28. It may be related to the TLD and extra security measure, but C grade alone isn't much anyway ;-)

On the Python side it won't be much different. If you don't have access to the CA, you can only disable certificate validation entirely (after you have the connectivity problem solved, of course). If you have it, you can use cafile.

#!/usr/bin/env python
# -*- coding: utf-8 -*-


import urllib2
import ssl


ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE

r = urllib2.urlopen('https://www.neco.navy.mil/'
  'necoattach/N6945016R0626_2016-06-20__INFO_NAS_Pensacola_Base_Access.docx', 
  timeout = 5, context = ctx)
print(len(r.read()))

r = urllib2.urlopen('https://www.neco.navy.mil/'
  'necoattach/N6945016R0626_2016-06-20__INFO_NAS_Pensacola_Base_Access.docx', 
  timeout = 5, cafile = '/path/to/DODCA-28_and_DoD_Root_CA_2.pem')
print(len(r.read()))

To reproduce with a certain version of Python, use a simple Dockerfile like the following:

FROM python:2.7.11

WORKDIR /opt
ADD . ./

CMD dpkg -s openssl | grep Version && ./app.py

Then run:

docker build -t ssl-test .
docker run --rm ssl-test
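
The answer separates two failures: a peer that drops the connection (error 10054) and a chain that does not reach a trusted root. The following is an added example, not code from the question or the answer, that tells them apart while leaving verification on. It is Python 3, standard library only; `classify_tls_failure`, its result labels and the local resetting server are constructed for illustration.

```python
import socket
import ssl
import struct
import threading


def classify_tls_failure(host, port, cafile=None, timeout=5):
    """Try a verified TLS handshake and name the layer that failed."""
    ctx = ssl.create_default_context(cafile=cafile)  # verification stays on
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp-unreachable"  # curl: (7) couldn't connect to host
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return "ok"
    except ssl.SSLCertVerificationError:
        return "cert-untrusted"  # chain does not reach a trusted root: supply cafile
    except (ConnectionError, ssl.SSLEOFError):
        return "peer-reset"  # 10054 / ECONNRESET: verify=False cannot change this
    except (ssl.SSLError, OSError):
        return "handshake-other"
    finally:
        sock.close()


def start_resetting_server():
    """Constructed stand-in for a peer that resets right after the ClientHello."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(1)  # wait until the ClientHello has arrived
        # SO_LINGER with a zero timeout makes close() send RST instead of FIN
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                        struct.pack("ii", 1, 0))
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    print(classify_tls_failure("127.0.0.1", start_resetting_server()))
```

Only a `cert-untrusted` result is addressed by passing `cafile` with a bundle such as the DODCA-28 and DoD Root CA 2 file mentioned in the answer; a `peer-reset` or `tcp-unreachable` result points at the network path or the server.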
