pycurl 和 SSL 证书 [英] pycurl and SSL cert
问题描述
我正在尝试编写一个 pycurl 脚本来访问安全站点 (HTTPS).
c = pycurl.Curl()c.setopt(pycurl.USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0')c.setopt(pycurl.URL, 'https://for-example-securedsite')c.setopt(pycurl.COOKIEFILE, 'cookie.txt')c.setopt(pycurl.COOKIEJAR, 'cookies.txt')c.setopt(pycurl.WRITEDATA, 文件("page.html","wb"))我收到以下错误..
pycurl.error: (60, 'SSL 证书问题,验证 CA 证书是否正常.详细信息:\nerror:14090086:SSL 例程:SSL3_GET_SERVER_CERTIFICATE:证书验证失败')
代码失败,因为它无法获得 SSL 证书.
如果我将以下几行添加到我的代码中,错误就会消失.
c.setopt(pycurl.SSL_VERIFYPEER, 0)c.setopt(pycurl.SSL_VERIFYHOST, 0)以上代码将跳过证书验证.但它受到了中间人"的攻击.</p>
我知道我的本地证书存储中有 SSL 证书.有谁知道如何导出我的证书并使用我的代码.. 一些示例代码会很棒..
感谢您的时间!
你说得对,你这样做的方式会让你遭受中间人攻击,尤其是考虑到 最新的 SSL 漏洞.您可以通过以下方式解决:
导入pycurl卷曲 = pycurl.Curl()curl.setopt(pycurl.URL, "https://your-secure-website.com/")curl.setopt(pycurl.SSL_VERIFYPEER,1)curl.setopt(pycurl.SSL_VERIFYHOST,2)curl.setopt(pycurl.CAINFO, "/path/to/updated-certificate-chain.crt")curl.perform()curl 默认带有过时的证书列表.无论您是要更新它还是仅使用您自己的证书进行测试,请确保将 updated-certificate-chain.crt 文件放在可访问的位置并使用 pycurl.CAINFO 选项指向它.
还要确保 pycurl.SSL_VERIFYHOST 设置为 2,这是最高的安全检查设置.
I am trying to write a pycurl script to access a secured site (HTTPS).
c = pycurl.Curl()
c.setopt(pycurl.USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0')
c.setopt(pycurl.URL, 'https://for-example-securedsite')
c.setopt(pycurl.COOKIEFILE, 'cookie.txt')
c.setopt(pycurl.COOKIEJAR, 'cookies.txt')
c.setopt(pycurl.WRITEDATA, file("page.html","wb"))
I am getting the below error..
pycurl.error: (60, 'SSL certificate problem, verify that the CA cert is OK. Details:\nerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed')
The code failed, as it failed to get the SSL cert.
The error went away if I add the below lines to my code.
c.setopt(pycurl.SSL_VERIFYPEER, 0)
c.setopt(pycurl.SSL_VERIFYHOST, 0)
The above code will skip the certificate verification. But its subjected to 'man in middle' attack.
I know I have the SSL certificate in my local certificate store. Do anyone know how to export my certificate and use it my code.. Some sample codes will be awesome..
Thanks for your time!
You are right, the way you are doing it subjects you to a man-in-the-middle attack, especially in light of the most recent SSL vulnerabilities. You can resolve it as follows:
import pycurl
curl = pycurl.Curl()
curl.setopt(pycurl.URL, "https://your-secure-website.com/")
curl.setopt(pycurl.SSL_VERIFYPEER, 1)
curl.setopt(pycurl.SSL_VERIFYHOST, 2)
curl.setopt(pycurl.CAINFO, "/path/to/updated-certificate-chain.crt")
curl.perform()
curl by default comes with an outdated certificate list. Whether you want to update it or just use your own certs for testing, make sure to place the updated-certificate-chain.crt file in an accessible location and use the pycurl.CAINFO option to point to it.
Also make sure pycurl.SSL_VERIFYHOST is set to 2, the highest security check setting.
这篇关于pycurl 和 SSL 证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
