忽略“证书未知"警报 [英] Ignore "certificate unknown" alert

问题描述

我有以下简单的Python脚本:

I have the following simple Python script:

import socket
import ssl

if __name__ == "__main__":
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind("", 443)
    s.listen(1)
    (conn, addr) = s.accept()
    sslconn = ssl.wrap_socket(conn, server_side=True, certfile="server.crt", keyfile="server.key", cert_reqs=ssl.CERT_NONE)

    print 'Connection established'
    while True:
        data = sslconn.recv(1024)
        if not data: break
        print "Data received"


    sslconn.close()

文件server.crt和server.key指定自签名证书的公钥和私钥.如果我使用Firefox连接到运行此脚本的主机，该脚本将以

The files server.crt and server.key specify the public and private key of a self-signed certificate. If I connect to the host running this script using, say, Firefox, the script terminates with

ssl.SSLError: [Errno 1] _ssl.c:503: sslv3 alert certificate unknown

据我收集，这来自客户端(例如Firefox)，向主机警告主机证书无效.很好，但是为什么它会导致脚本终止?我必须以某种方式明确地忽略警报吗?

From what I gather, this comes from the client (say, Firefox) alerting the host that the certificate is invalid. That's fine, but why does it cause the script to terminate? Must I explicitly ignore the alert somehow?

推荐答案

尝试捕获异常并将其忽略.应该是致命的.

Try catching the exception and ignoring it. It is supposed to be non-fatal.

sslconn = ssl.wrap_socket(conn, server_side=True, certfile="server.crt",
                          keyfile="server.key", cert_reqs=ssl.CERT_NONE,
                          do_handshake_on_connect=False)
try:
    sslconn.do_handshake()
except ssl.SSLError, err:
    if err.args[1].find("sslv3 alert") == -1:
        raise

这篇关于忽略“证书未知"警报的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！