当前位置:theitroad>在 python 2.7.9 中禁用默认证书验证

在 python 2.7.9 中禁用默认证书验证

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/30461969/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-19 08:27:48  来源:igfitidea点击:

disable default certificate verification in python 2.7.9

pythonssl

提问by Guillaume Vincent

I try to make a local HTTPS connection to a XMLRPC api. Since I upgrade to python 2.7.9 that enable by default certificates verification, I got a CERTIFICATE_VERIFY_FAILED error when I use my API

我尝试建立到 XMLRPC api 的本地 HTTPS 连接。由于我升级到默认启用证书验证的python 2.7.9,当我使用我的 API 时出现 CERTIFICATE_VERIFY_FAILED 错误

>>> test=xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',verbose=False, use_datetime=True)
>>> test.list_satellites()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1591, in __request
    verbose=self.__verbose
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1273, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1301, in single_request
    self.send_content(h, request_body)
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1448, in send_content
    connection.endheaders(request_body)
  File "/usr/local/lib/python2.7/httplib.py", line 997, in endheaders
    self._send_output(message_body)
  File "/usr/local/lib/python2.7/httplib.py", line 850, in _send_output
    self.send(msg)
  File "/usr/local/lib/python2.7/httplib.py", line 812, in send
    self.connect()
  File "/usr/local/lib/python2.7/httplib.py", line 1212, in connect
    server_hostname=server_hostname)
  File "/usr/local/lib/python2.7/ssl.py", line 350, in wrap_socket
    _context=self)
  File "/usr/local/lib/python2.7/ssl.py", line 566, in __init__
    self.do_handshake()
  File "/usr/local/lib/python2.7/ssl.py", line 788, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
>>> import ssl
>>> ssl._create_default_https_context = ssl._create_unverified_context
>>> test.list_satellites()
[{'paired': True, 'serial': '...', 'enabled': True, 'id': 1, 'date_paired': datetime.datetime(2015, 5, 26, 16, 17, 6)}]

Does exists a pythonic way to disable default certificate verification in python 2.7.9 ?

在 python 2.7.9 中是否存在禁用默认证书验证的 pythonic 方法?

I don't realy know if it's good to change "private" global SSL attribute (ssl._create_default_https_context = ssl._create_unverified_context)

我真的不知道更改“私有”全局 SSL 属性是否好 ( ssl._create_default_https_context = ssl._create_unverified_context)

采纳答案by Cédric

You have to provide an unverified SSL context, constructed by hand or using the private function _create_unverified_context() from ssl module:

您必须提供一个未经验证的 SSL 上下文,由手工构建或使用来自 ssl 模块的私有函数 _create_unverified_context() :

import xmlrpclib
import ssl

test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',
                             verbose=False, use_datetime=True, 
                             context=ssl._create_unverified_context())
test.list_satellites()

Note: this code only works with python >= 2.7.9 (contextparameter was added in Python 2.7.9)

注意:此代码仅适用于 python >= 2.7.9(context参数是在 Python 2.7.9 中添加的)

If you want to have a code compatible with previous Python version, you have to use the transportparameter:

如果你想让代码与以前的 Python 版本兼容,你必须使用transport参数:

import xmlrpclib
import ssl

context = hasattr(ssl, '_create_unverified_context') and ssl._create_unverified_context() \
          or None
test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',
                             verbose=False, use_datetime=True, 
                             transport=xmlrpclib.SafeTransport(use_datetime=True, 
                                                               context=context))
test.list_satellites()

回答by yoborider

With Python 2.6.6 for example:

以 Python 2.6.6 为例:

s = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API', transport=None, encoding=None, verbose=0,allow_none=0, use_datetime=0)

It works for me...

这个对我有用...

回答by Benjamin Peterson

It's possible to disable verification using the public sslAPIs existing on Python 2.7.9+:

可以使用sslPython 2.7.9+ 上现有的公共API禁用验证:

import xmlrpclib
import ssl

ssl_ctx = ssl.create_default_context()
ssl_ctx.check_hostname = False
ssl_ctx.verify_mode = ssl.CERT_NONE
test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',
                             verbose=False, use_datetime=True, 
                             context=ssl_ctx)
test.list_satellites()

回答by Adnan Reza

I think another way to disable certificate verification could be:

我认为禁用证书验证的另一种方法可能是:

import xmlrpclib
import ssl

s=ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
s.verify_mode=ssl.CERT_NONE

test=xmlrpclib.Server('https://admin:bz15h9v9n@localhost:9999/API',verbose=0,context=s)

相关推荐

将json文件保存到计算机python

将json文件保存到计算机python

Python Matplotlib 外图自动图例

Python Matplotlib 外图自动图例

Python UnBoundLocalError:分配前引用了局部变量 [计数器]

Python UnBoundLocalError:分配前引用了局部变量 [计数器]

Python NumPy 和 SciPy - .todense() 和 .toarray() 之间的区别

Python NumPy 和 SciPy - .todense() 和 .toarray() 之间的区别

相关推荐
最近更新
标签