Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverFlow original URL: http://stackoverflow.com/questions/42538930/

Time: 2020-08-19 21:52:30  Source: igfitidea

SSL error with Python requests despite up-to-date dependencies

python ssl ssl-certificate python-requests

Asked by N. Masson

I am getting an SSL "bad handshake" error. Most similar responses to this problem seem to stem from old libraries, 1024bit cert. incompatibility, etc... I think I'm up to date, and can't figure out why I'm getting this error.

SETUP:

  • requests 2.13.0
  • certifi 2017.01.23
  • 'OpenSSL 1.0.2g 1 Mar 2016'

I'm hitting this API (2048bit certificate key): https://api.sidecar.io/rest/v1/provision/application/device/count/

And getting this error: requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)

See l.44 of https://github.com/sidecar-io/sidecar-python-sdk/blob/master/sidecar.py

If I turn verify=False in requests, I can bypass, but I'd rather figure out why the certification is failing.

Any help is greatly appreciated; thanks!

Answered by Steffen Ullrich

The validation fails because the server you access is set up improperly, i.e. it is not a fault of your setup or code. Looking at the report from SSLLabs you see

This server's certificate chain is incomplete. Grade capped to B.

This means that the server sends a certificate chain which is missing an intermediate certificate to the trusted root and thus your client can not build the trust chain. Most desktop browsers work around this problem by trying to get the missing certificate from somewhere else but normal TLS libraries will fail in this case. You would need to explicitly add the missing chain certificate as trusted to work around this problem:

import requests
requests.get('https://api.sidecar.io', verify = 'mycerts.pem')

mycerts.pem should contain the missing intermediate certificate and the trusted root certificate. A tested version for mycerts.pem can be found in http://pastebin.com/aZSKfyb7.
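
Added example, not part of the original answer: a simplified sketch of the chain building described above, using the third-party `cryptography` package on a constructed root -> intermediate -> leaf hierarchy (all names hypothetical). It checks only issuer names and ECDSA signatures, not validity dates, hostnames or revocation.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def make_cert(cn, key, issuer_cn, issuer_key, is_ca):
    """Issue a constructed test certificate (ECDSA P-256 keys, SHA-256)."""
    def name(s):
        return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    return (x509.CertificateBuilder()
            .subject_name(name(cn)).issuer_name(name(issuer_cn))
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(datetime.datetime(2020, 1, 1))
            .not_valid_after(datetime.datetime(2040, 1, 1))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))

def signed_by(cert, issuer):
    """True if issuer's subject and key match cert's issuer field and signature."""
    if cert.issuer != issuer.subject:
        return False
    try:  # ECDSA only, which is all this example issues
        issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                   ec.ECDSA(cert.signature_hash_algorithm))
        return True
    except InvalidSignature:
        return False

def build_chain(leaf, sent_by_server, trusted):
    """Walk leaf -> issuer -> ... and stop only at a self-signed, locally trusted root."""
    chain, current = [leaf], leaf
    while not (current in trusted and current.issuer == current.subject):
        pool = [c for c in trusted + sent_by_server if c not in chain]
        issuer = next((c for c in pool if signed_by(current, c)), None)
        if issuer is None:
            raise ValueError("unable to get local issuer certificate for "
                             + current.subject.rfc4514_string())
        chain.append(issuer)
        current = issuer
    return [c.subject.rfc4514_string() for c in chain]

# Constructed hierarchy (all names hypothetical): root -> intermediate -> leaf
rk, ik, lk = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
root = make_cert("Test Root", rk, "Test Root", rk, True)
inter = make_cert("Test Intermediate", ik, "Test Root", rk, True)
leaf = make_cert("api.example.test", lk, "Test Intermediate", ik, False)
```

`build_chain(leaf, [], [root])` raises because the server sent no intermediate, while a trusted list of `[root, inter]` (the equivalent of mycerts.pem) or a server that sends `[inter]` yields the full three-certificate chain.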

Answered by Shadkhan

This may help as a workaround for your issue.

print(requests.get(url, proxies=proxies, verify=False))