Python请求以字符串形式发送证书 [英] Python requests send certificate as string

问题描述

  cert ='path / to / cert_file.pem'
 url ='https://example.com/api'
 
 requests.get（url，cert = cert，verify = True）
  

当我在本地物理地使用文件时，这很好。
我们在heroku上托管应用程序并使用环境变量。

请求模块似乎不接受证书作为字符串。例如。

  $ export CERTIFICATE =long-list-of-characters
 
 requests.get（url ，cert = get_env（'CERTIFICATE'），verify = True）
  

我也试过类似的东西：

  cert = tempfile.NamedTemporaryFile（）
 cert.write（CERTIFICATE）
 cert.seek 0）
 requests.get（url，cert = cert.name，verify = True）
  

首先，它在本地工作，但不在heroku上。无论如何，它不像一个固定的解决方案。
我得到了一个SSL握手错误。

有什么建议？

解决方案

我自己刚刚解决了像你这样的情况。你走在正确的道路上;所有你必须做的是

1。传递 delete = False to NamedTemporaryFile（），所以调用 close（）

$后文件不会被删除b $ b

2。 close（）使用它之前的临时文件，所以它会被保存

请注意，这是一个非常不安全的事情。根据我的理解， delete = False 即使在删除引用后仍会保留在磁盘上。因此，要删除文件，您应手动调用 os.unlink（tmpfile.name）。

执行此操作与证书是一个巨大的安全风险：您必须必须确保具有证书的字符串是安全和隐藏的，没有人可以访问服务器。

然而，例如，在Heroku服务器上作为测试环境管理应用程序，以及在云中构建的Docker映像（其中 COPY 指令不是一个选项。它也比将文件存储在你的git仓库中更好：D

I cant seem to get the handshake working properly.

cert = 'path/to/cert_file.pem'
url = 'https://example.com/api'

requests.get(url, cert=cert, verify=True)

This is fine when I use it locally where I have the file physically. We host our application on heroku and use environvariables.

The requests module doesnt seem to accept certificates as strings. eg.

$ export CERTIFICATE="long-list-of-characters"

requests.get(url, cert=get_env('CERTIFICATE'), verify=True)

I have also tried something like this:

cert = tempfile.NamedTemporaryFile()
cert.write(CERTIFICATE)
cert.seek(0)
requests.get(url, cert=cert.name, verify=True)

First of all, it works locally but not on heroku. Anyways, it doesnt feel like a solid solution. I get a SSL handshake error.

Any suggestions?

解决方案

Vasili's answer is technically correct, though per se it doesn't answer your question. The keyfile, truly, must be unencrypted to begin with.

I myself have just resolved a situation like yours. You were on the right path; all you had to do was

1. Pass delete=False to NamedTemporaryFile(), so the file wouldn't be deleted after calling close()

2. close() the tempfile before using it, so it would be saved

Note that this is a very unsafe thing to do. delete=False, as I understand, causes the file to stay on disk even after deleting the reference to it. So, to delete the file, you should manually call os.unlink(tmpfile.name).

Doing this with certificates is a huge security risk: you must ensure that the string with the certificate is secured and hidden and nobody has access to the server.

Nevertheless, it is quite a useful practice in case of, for example, managing your app both on a Heroku server as a test environment and in a Docker image built in the cloud, where COPY directives are not an option. It is also definitely better than storing the file in your git repository :D

这篇关于Python请求以字符串形式发送证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！