Python请求以字符串形式发送证书 [英] Python requests send certificate as string
问题描述
cert ='path / to / cert_file.pem'
url ='https://example.com/api'
requests.get(url,cert = cert,verify = True)
当我在本地物理地使用文件时,这很好。
我们在heroku上托管应用程序并使用环境变量。
请求模块似乎不接受证书作为字符串。例如。
$ export CERTIFICATE =long-list-of-characters
requests.get(url ,cert = get_env('CERTIFICATE'),verify = True)
我也试过类似的东西:
cert = tempfile.NamedTemporaryFile()
cert.write(CERTIFICATE)
cert.seek 0)
requests.get(url,cert = cert.name,verify = True)
首先,它在本地工作,但不在heroku上。无论如何,它不像一个固定的解决方案。
我得到了一个SSL握手错误。
有什么建议?
我自己刚刚解决了像你这样的情况。你走在正确的道路上;所有你必须做的是
1。传递 delete = False
to NamedTemporaryFile()
,所以调用 close()
$后文件不会被删除b $ b
2。 close()
使用它之前的临时文件,所以它会被保存
请注意,这是一个非常不安全的事情。根据我的理解, delete = False
即使在删除引用后仍会保留在磁盘上。因此,要删除文件,您应手动调用 os.unlink(tmpfile.name)
。
执行此操作与证书是一个巨大的安全风险:您必须必须确保具有证书的字符串是安全和隐藏的,没有人可以访问服务器。
然而,例如,在Heroku服务器上作为测试环境管理应用程序,以及在云中构建的Docker映像(其中 COPY
指令不是一个选项。它也比将文件存储在你的git仓库中更好:D
I cant seem to get the handshake working properly.
cert = 'path/to/cert_file.pem'
url = 'https://example.com/api'
requests.get(url, cert=cert, verify=True)
This is fine when I use it locally where I have the file physically. We host our application on heroku and use environvariables.
The requests module doesnt seem to accept certificates as strings. eg.
$ export CERTIFICATE="long-list-of-characters"
requests.get(url, cert=get_env('CERTIFICATE'), verify=True)
I have also tried something like this:
cert = tempfile.NamedTemporaryFile()
cert.write(CERTIFICATE)
cert.seek(0)
requests.get(url, cert=cert.name, verify=True)
First of all, it works locally but not on heroku. Anyways, it doesnt feel like a solid solution. I get a SSL handshake error.
Any suggestions?
Vasili's answer is technically correct, though per se it doesn't answer your question. The keyfile, truly, must be unencrypted to begin with.
I myself have just resolved a situation like yours. You were on the right path; all you had to do was
1. Pass delete=False
to NamedTemporaryFile()
, so the file wouldn't be deleted after calling close()
2. close()
the tempfile before using it, so it would be saved
Note that this is a very unsafe thing to do. delete=False
, as I understand, causes the file to stay on disk even after deleting the reference to it. So, to delete the file, you should manually call os.unlink(tmpfile.name)
.
Doing this with certificates is a huge security risk: you must ensure that the string with the certificate is secured and hidden and nobody has access to the server.
Nevertheless, it is quite a useful practice in case of, for example, managing your app both on a Heroku server as a test environment and in a Docker image built in the cloud, where COPY
directives are not an option. It is also definitely better than storing the file in your git repository :D
这篇关于Python请求以字符串形式发送证书的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!