在 python 2.7.9 中禁用默认证书验证 [英] disable default certificate verification in python 2.7.9

问题描述

我尝试建立到 XMLRPC api 的本地 HTTPS 连接.由于我升级到 python 2.7.9，默认启用证书验证，我使用 API 时出现 CERTIFICATE_VERIFY_FAILED 错误

<预><代码>>>>test=xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',verbose=False, use_datetime=True)>>>test.list_satellites()回溯(最近一次调用最后一次):文件<stdin>"，第 1 行，在 <module> 中文件/usr/local/lib/python2.7/xmlrpclib.py"，第 1233 行，在 __call__ 中返回 self.__send(self.__name, args)文件/usr/local/lib/python2.7/xmlrpclib.py"，第 1591 行，在 __request 中详细=自我.__详细请求中的文件/usr/local/lib/python2.7/xmlrpclib.py"，第 1273 行返回 self.single_request(host, handler, request_body, verbose)文件/usr/local/lib/python2.7/xmlrpclib.py"，第 1301 行，在 single_request 中self.send_content(h, request_body)文件/usr/local/lib/python2.7/xmlrpclib.py"，第 1448 行，在 send_contentconnection.endheaders(request_body)文件/usr/local/lib/python2.7/httplib.py"，第 997 行，在 endheaders 中self._send_output(message_body)文件/usr/local/lib/python2.7/httplib.py"，第 850 行，在 _send_output 中self.send(msg)文件/usr/local/lib/python2.7/httplib.py"，第812行，发送self.connect()文件/usr/local/lib/python2.7/httplib.py"，第 1212 行，在连接中server_hostname=server_hostname)文件/usr/local/lib/python2.7/ssl.py"，第 350 行，在 wrap_socket_上下文=自我)文件/usr/local/lib/python2.7/ssl.py"，第 566 行，在 __init__ 中self.do_handshake()文件/usr/local/lib/python2.7/ssl.py"，第 788 行，在 do_handshake 中self._sslobj.do_handshake()ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] 证书验证失败 (_ssl.c:581)>>>导入 ssl>>>ssl._create_default_https_context = ssl._create_unverified_context>>>test.list_satellites()[{'paired': True, 'serial': '...', 'enabled': True, 'id': 1, 'date_paired': datetime.datetime(2015, 5, 26, 16, 17, 6)}]

在 python 2.7.9 中是否存在禁用默认证书验证的 pythonic 方法?

我真的不知道更改私有"全局 SSL 属性是否好(ssl._create_default_https_context = ssl._create_unverified_context)

解决方案

您必须提供一个未经验证的 SSL 上下文，可以手动构建或使用 ssl 模块中的私有函数 _create_unverified_context() 构建:

导入xmlrpclib导入 ssltest = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',详细=假，使用日期时间=真，上下文=ssl._create_unverified_context())test.list_satellites()

注意:此代码仅适用于 python >= 2.7.9(context参数是在 Python 2.7.9 中添加的)

如果你想让代码与以前的 Python 版本兼容，你必须使用 transport 参数:

导入xmlrpclib导入 sslcontext = hasattr(ssl, '_create_unverified_context') 和 ssl._create_unverified_context() \或无test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',详细=假，使用日期时间=真，运输=xmlrpclib.SafeTransport(使用日期时间=真，上下文=上下文))test.list_satellites()

I try to make a local HTTPS connection to a XMLRPC api. Since I upgrade to python 2.7.9 that enable by default certificates verification, I got a CERTIFICATE_VERIFY_FAILED error when I use my API

>>> test=xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',verbose=False, use_datetime=True)
>>> test.list_satellites()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1591, in __request
    verbose=self.__verbose
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1273, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1301, in single_request
    self.send_content(h, request_body)
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1448, in send_content
    connection.endheaders(request_body)
  File "/usr/local/lib/python2.7/httplib.py", line 997, in endheaders
    self._send_output(message_body)
  File "/usr/local/lib/python2.7/httplib.py", line 850, in _send_output
    self.send(msg)
  File "/usr/local/lib/python2.7/httplib.py", line 812, in send
    self.connect()
  File "/usr/local/lib/python2.7/httplib.py", line 1212, in connect
    server_hostname=server_hostname)
  File "/usr/local/lib/python2.7/ssl.py", line 350, in wrap_socket
    _context=self)
  File "/usr/local/lib/python2.7/ssl.py", line 566, in __init__
    self.do_handshake()
  File "/usr/local/lib/python2.7/ssl.py", line 788, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
>>> import ssl
>>> ssl._create_default_https_context = ssl._create_unverified_context
>>> test.list_satellites()
[{'paired': True, 'serial': '...', 'enabled': True, 'id': 1, 'date_paired': datetime.datetime(2015, 5, 26, 16, 17, 6)}]

Does exists a pythonic way to disable default certificate verification in python 2.7.9 ?

I don't realy know if it's good to change "private" global SSL attribute (ssl._create_default_https_context = ssl._create_unverified_context)

解决方案

You have to provide an unverified SSL context, constructed by hand or using the private function _create_unverified_context() from ssl module:

import xmlrpclib
import ssl

test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',
                             verbose=False, use_datetime=True, 
                             context=ssl._create_unverified_context())
test.list_satellites()

Note: this code only works with python >= 2.7.9 (contextparameter was added in Python 2.7.9)

If you want to have a code compatible with previous Python version, you have to use the transport parameter:

import xmlrpclib
import ssl

context = hasattr(ssl, '_create_unverified_context') and ssl._create_unverified_context() \
          or None
test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',
                             verbose=False, use_datetime=True, 
                             transport=xmlrpclib.SafeTransport(use_datetime=True, 
                                                               context=context))
test.list_satellites()

这篇关于在 python 2.7.9 中禁用默认证书验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！