在python中使用带有请求的自签名证书 [英] using self-signed certificates with requests in python
问题描述
情况:
目标网站(预先生成的网址,例如 https://my-pre-prod-site.com/login 使用的是自签名证书。
从浏览器中,可以通过https访问该站点,没有任何问题(通过在浏览器中将证书添加到信任库来禁止自签名证书警告)
Situation : The target site (a pre-prod URL, say https://my-pre-prod-site.com/login, for example) is using a self-signed certificate. From the browser, the site is accessible over https without any issues (the self-signed certificate warning is suppressed by adding the certificate to the trust store in the browser)
问题陈述:
使用请求对目标站点进行get调用的简单python脚本在不同情况下失败,出现以下任何一种错误:
Problem Statement : A simple python script that makes a get call to the target site using requests fails with either of the below errors in different situations :
requests.exceptions.SSLError:[Errno 0] _ssl.c:344:错误:00000000:lib(0):func(0):reason(0)
requests.exceptions.SSLError: [Errno 0] _ssl.c:344: error:00000000:lib(0):func(0):reason(0)
或
requests.exceptions.SSLError :[SSL:CERTIFICATE_VERIFY_FAILED]证书验证失败(_ssl.c:590)
使用的简单脚本(在python提示符下)是:
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590) The simple script used (on the python prompt) is :
import requests
res = requests.get('https://my-pre-prod-site.com/login')
**已尝试的事情**
**Things already tried **
- 我做 NOT 想跳过ssl验证。因此,verify = false不适合我。
- 我已经使用了以下相同的错误
- I do NOT want to skip the ssl verification. Hence, verify = false is not an option for me.
- I have already used the below with the same error
res = requests.get('https://my-pre-prod-site.com/login',verify = os.path.join(os.getcwd(),'test.pem')其中test.pem是通过按以下顺序连接以下命令的输出而创建的pem文件:
res = requests.get('https://my-pre-prod-site.com/login', verify = os.path.join(os.getcwd(),'test.pem') where test.pem is a pem file created by concatenating the output of the below commands in that order :
openssl rsa -in~ / Desktop / CertPath / private.key -check
openssl rsa -in ~/Desktop/CertPath/private.key -check
和
openssl x509 -pubkey -noout -in~ / Desktop / CertPath / certificate.pem
openssl x509 -pubkey -noout -in ~/Desktop/CertPath/certificate.pem
脚本从〜/ Desktop / CertPath所以getcwd()给出了证书的正确路径。
The script is run from ~/Desktop/CertPath so getcwd() gives the right path to the certificate.
- 我尝试了另一个test.pem文件以及连接顺序被反转的地方。它仍然会抛出相同的错误。
- 尝试传递持有公钥的.pem文件和保存私钥的.key文件,单独(单独),w与结果相同的错误。
有帮助的环境详情
操作系统 - ElCapitan Mac
请求 - 2.9.0
Python - 2.7.10
Python使用的OpenSSL - 'OpenSSL 0.9.8zg 2015年7月14日'
OS - ElCapitan Mac
Requests - 2.9.0
Python - 2.7.10
OpenSSL being used by Python - 'OpenSSL 0.9.8zg 14 July 2015'
注意 - openssl版本似乎不是问题。因为即使使用openssl的更新版本,错误也是相同的 - 在使用Openssl 1.x
Note - The openssl version does not seem to be an issue. Because even with an updated version of openssl, the errors are the same - tested on Ubuntu with Python 2.6 that uses the Openssl 1.x
推荐答案
这个问题很老但是如果有人想知道这里。
This question is old but In case someone wonders off here.
您将私钥和公钥放在test.pem中。这是错的。验证参数需要的是它可以信任的证书。
You are putting the private key and public key in you test.pem. This is wrong. What verify param requires is certs which it can trust.
res = requests.get('https://my-pre-prod-site.com/login', verify = os.path.join(os.getcwd(),'test.pem')
测试。 pem应该包含所有可信证书的列表。但是你在test.pem中提供的是你的公钥和私钥。你〜/ Desktop / CertPath / certificate.pem文件本身应该进入它。
The test.pem is supposed to contain the list of all the Trusted Certificates. But what you're providing in your test.pem is your public and private key. You're ~/Desktop/CertPath/certificate.pem file itself should go into it.
试试这个:
res = requests.get('https://my-pre-prod-site.com/login', verify = '~/Desktop/CertPath/certificate.pem')
这篇关于在python中使用带有请求的自签名证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
