请求:cert 和 verify 有什么区别? [英] Requests: what is the difference between cert and verify?

问题描述

cert 和 verify 有什么区别?

What is the difference between cert and verify?

来自文档:

verify –(可选)如果为 True，将验证 SSL 证书.还可以提供 CA_BUNDLE 路径.cert –(可选)如果是字符串，则为 ssl 客户端证书文件 (.pem) 的路径.如果是 Tuple，则为 (‘cert’, ‘key’) 对.

verify – (optional) if True, the SSL cert will be verified. A CA_BUNDLE path can also be provided. cert – (optional) if String, path to ssl client cert file (.pem). If Tuple, (‘cert’, ‘key’) pair.

这是否意味着我可以做到以下几点:

Does this mean I can do the following:

CA_BUNDLE='path/to/.pem'
requests.get(url=google.com, verify= CA_BUNDLE)

或

Cert='path/to/.pem'
requests.get(url=google.com, cert=Cert)

他们看起来都在做同样的事情.除了 verify 可以禁用 ssl 验证.

They both look like they do the same thing. except verify can disable ssl verification.

我正在尝试使用 PYinstaller 将我的代码编译为 exe.我正在使用我看到已经有一个 cacert.pem 文件的 certifi 模块，但我想我仍然必须将它与我的代码捆绑在一起.

I am trying to compile my code to an exe using PYinstaller. I am using certifi module that I see already has a cacert.pem file but I guess I still have to bundle it with my code.

在我的代码中，我是修改 ...verify 还是 cert?...使用 cacert.pem 的路径还是只是 'cacert.pem'?

In my code do I modify ...verify or cert?...with a path to cacert.pem or just 'cacert.pem'?

推荐答案

我觉得文档里写的很清楚:http://www.python-requests.org/en/latest/user/advanced/#ssl-cert-verification

I think it is clearly stated in the documentation: http://www.python-requests.org/en/latest/user/advanced/#ssl-cert-verification

cert 选项是向您发送自己的证书，例如使用客户端证书对服务器进行身份验证.它需要一个证书文件，如果密钥与证书不在同一个文件中，则还需要密钥文件.

The option cert is to send you own certificate, e.g. authenticate yourself against the server using a client certificate. It needs a certificate file and if the key is not in the same file as the certificate also the key file.

verify 选项用于启用(默认)或禁用服务器证书的验证.它可以采用 True 或 False 或包含受信任 CA 的文件的名称.如果没有给出我认为(没有记录?)它将采用来自 OpenSSL 的默认 CA 路径/文件，该路径通常适用于 UNIX(可能除了 OS X)而不适用于 Windows.

The option verify is used to enable (default) or disable verification of the servers certificate. It can take True or False or a name of a file which contains the trusted CAs. If not given I think (not documented?) it will take the default CA path/file from OpenSSL, which works usually on UNIX (except maybe OS X) and not on windows.

这篇关于请求:cert 和 verify 有什么区别?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！