Python请求-如何使用系统ca证书(debian / ubuntu)? [英] Python Requests - How to use system ca-certificates (debian/ubuntu)?
问题描述
我已经在debian的 / usr / share / ca-certificates / local
中安装了一个自签名的root ca证书,并用 sudo安装了它们dpkg-重新配置ca证书
。此时 true | gnutls-cli mysite.local
很高兴,并且 true | openssl s_client -connect mysite.local:443
很高兴,但是python2和python3请求模块坚持对证书不满意。
I've installed a self-signed root ca cert into debian's /usr/share/ca-certificates/local
and installed them with sudo dpkg-reconfigure ca-certificates
. At this point true | gnutls-cli mysite.local
is happy, and true | openssl s_client -connect mysite.local:443
is happy, but python2 and python3 requests module insists it is not happy with the cert.
python2 :
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/local/lib/python2.7/site-packages/requests/api.py", line 70, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/lib/python2.7/site-packages/requests/api.py", line 56, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line 488, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python2.7/site-packages/requests/sessions.py", line 609, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/site-packages/requests/adapters.py", line 497, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)
python3
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/usr/local/bin/python3.5/site-packages/requests/api.py", line 70, in get
return request('get', url, params=params, **kwargs)
File "/usr/local/bin/python3.5/site-packages/requests/api.py", line 56, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/bin/python3.5/site-packages/requests/sessions.py", line 488, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/bin/python3.5/site-packages/requests/sessions.py", line 609, in send
r = adapter.send(request, **kwargs)
File "/usr/local/bin/python3.5/site-packages/requests/adapters.py", line 497, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)
为什么python会忽略系统ca-certificates软件包,以及如何集成它?
推荐答案
来自 https://stackoverflow.com/a/33717517/1695680
要使python请求使用系统ca-certificates捆绑软件,需要告知它在其自己的嵌入式捆绑软件上使用
To make python requests use the system ca-certificates bundle, it needs to be told to use it over its own embedded bundle
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
请求将其捆绑包嵌入此处,以供参考:
Requests embeds its bundles here, for reference:
/usr/local/lib/python2.7/site-packages/requests/cacert.pem
/usr/lib/python3/dist-packages/requests/cacert.pem
这篇关于Python请求-如何使用系统ca证书(debian / ubuntu)?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!