使用easywebdav时如何验证我的自签名证书? [英] How can I verify my selfsigned certificate when using easywebdav?
问题描述
我知道如何通过使用 easywebdav 使用 python 连接到我自己的云.
我使用的是自签名证书和 verify_ssl=False
,但这使我容易受到中间人攻击,这是首先使用 ssl 的唯一原因.>
我正在使用 Fedora 并尝试将我的服务器证书添加到 $HOME/.pki/CA/cacert.pem
,但它仍然失败.
您已经在 $HOME/.pki/CA/cacert.pem
中拥有您的服务器证书.但是为了对其他人完整,您可以像这样使用python获得证书:
导入ssl导入操作系统#获取https证书cert = ssl.get_server_certificate(('example.com', 443))# 将其附加到我的个人链中pem_path = os.path.expanduser('~/.pki/CA/cacert.pem')使用 open(pem_path, 'a+') 作为 f:f.写(证书)
然后在easywebdav中使用它.Easywebdav 基于请求构建.而 verify_ssl
用作 requests.Session.verify
请求文档说它接受布尔值(True 使用默认链) 或CA_BUNDLE 的路径.
所以这应该有效:
导入easywebdavpem_path = os.path.expanduser('~/.pki/CA/cacert.pem')webdav = easywebdav.connect('example.com', username='user', password='pass',协议='https',端口=443,verify_ssl=pem_path)...
I know how to connect to my owncloud with python, by using easywebdav.
I'm using a selfsigned certificate and verify_ssl=False
, but that makes me vulnerable to man-in-the-middle attacks, the only reason to use ssl in the first place.
I'm using Fedora and tried adding my servers certificate to $HOME/.pki/CA/cacert.pem
, but it still fails.
You already have your server certificate in $HOME/.pki/CA/cacert.pem
. But to be complete for others, you can get a certificate with python like this:
import ssl
import os
# get the https certificate
cert = ssl.get_server_certificate(('example.com', 443))
# append it to my personal chain
pem_path = os.path.expanduser('~/.pki/CA/cacert.pem')
with open(pem_path, 'a+') as f:
f.write(cert)
Then to use it in easywebdav. Easywebdav builds on requests. And the verify_ssl
is used as requests.Session.verify
Requests docs say it accepts a boolean (True uses the default chain) or a path to a CA_BUNDLE.
So this should work:
import easywebdav
pem_path = os.path.expanduser('~/.pki/CA/cacert.pem')
webdav = easywebdav.connect('example.com', username='user', password='pass',
protocol='https', port=443,
verify_ssl=pem_path)
...
这篇关于使用easywebdav时如何验证我的自签名证书?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!