如何解决curl --cacert vs python请求验证
我正在尝试通过https连接到使用非官方CA的网站。出于某种原因,它适用于curl但不适用于python请求。
请参见下面的示例
Python 3.8.0 (default,Oct 30 2019,11:47:54)
Type 'copyright','credits' or 'license' for more information
IPython 7.9.0 -- An enhanced Interactive Python. Type '?' for help.
In [1]: import requests
In [2]: requests.__version__
Out[2]: '2.22.0'
In [3]: cert = "..."
In [4]: url = "..."
In [5]: !curl --cacert {cert} {url}
{"status":200}
In [6]: requests.get(url,verify=cert)
---------------------------------------------------------------------------
SSLCertVerificationError Traceback (most recent call last)
...
SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1108)
During handling of the above exception,another exception occurred:
MaxRetryError: HTTPSConnectionPool(host='...',port=443): Max retries exceeded with url: ... (Caused by SSLError(SSLCertVerificationError(1,'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1108)')))
During handling of the above exception,another exception occurred:
SSLError Traceback (most recent call last)
...
SSLError: HTTPSConnectionPool(host='...','[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1108)')))
我在做什么错?为什么表现不同?
-编辑-
curl肯定正在使用此证书,如果没有,curl将会失败
In [9]: !curl {url}
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html
...
In [10]:
解决方法
...这是一个中间CA
在信任库中仅具有中间CA不足以验证证书,至少对于当前版本的Python而言还不够。此功能需要使用OpenSSL标志X509_V_FLAG_PARTIAL_CHAIN
进行验证,该标志为neither currently exposed by Python或默认未设置。
与此卷曲sets this flag by default在较新版本中相反,因此可以正常工作。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。