Python Boto [SSL: CERTIFICATE_VERIFY_FAILED] 连接到 S3 时证书验证失败
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/28115250/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Boto [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed while connecting to S3
提问by Siddarth
I am trying to connect to S3 using boto, but it seems to fail. I've tried some workarounds, but they don't seem to work. Can anyone please help me with this. Below is the code.
我正在尝试使用 boto 连接到 S3,但似乎失败了。我尝试了一些解决方法,但它们似乎不起作用。任何人都可以帮我解决这个问题。下面是代码。
import boto
if not boto.config.has_section('Credentials'):
boto.config.add_section('Credentials')
boto.config.set('Credentials', 'aws_access_key_id', AWS_KEY)
boto.config.set('Credentials', 'aws_secret_access_key', AWS_SECRET_KEY)
if not boto.config.has_section('Boto'):
boto.config.add_section('Boto')
boto.config.set('Boto', 'https_validate_certificates', 'False')
boto.config.add_section('aws info')
boto.config.set('aws info','aws_validate_certs','False')
s3 = boto.connect_s3(validate_certs=False)
bucket = s3.get_bucket(Bucket_NAME)
采纳答案by Siddarth
I found a way,
我找到了一个方法,
used is_secure=Falsein connect_s3().
使用is_secure=False在connect_s3()。
回答by linqu
Probably your bucket name contains a dot, that's why ssl certificate verification fails. This is quite a frequent problem, see this github issuefor example.
可能您的存储桶名称包含一个点,这就是 ssl 证书验证失败的原因。这是一个很常见的问题,例如参见这个github 问题。
Don't use an insecure connection (is_secure=False), instead use OrdinaryCallingFormat:
不要使用不安全的连接 ( is_secure=False),而是使用OrdinaryCallingFormat:
import boto
conn = boto.s3.connect_to_region('eu-west-1', calling_format=boto.s3.connection.OrdinaryCallingFormat())
bucket = conn.get_bucket(your_bucket)
You probably need to update your AWS Region, e.g. us-east-1
您可能需要更新您的AWS 区域,例如us-east-1
回答by diabloneo
I encounter this problem, too. My environment is Ubuntu 15.04, Python 2.7.9 and Boto 2.38.0.
我也遇到这个问题。我的环境是 Ubuntu 15.04、Python 2.7.9 和 Boto 2.38.0。
Setting the argument validate_certs=Falsedoesn't make it work with the HTTPS connection without valid certificate. After reading the code of boto, I found that it's a behavior of Python's ssl modules. Then I found a solution here: "SSL: CERTIFICATE_VERIFY_FAILED" Error. And the solution does work!!!.
设置参数validate_certs=False不会使其与没有有效证书的 HTTPS 连接一起使用。看了boto的代码,发现是Python的ssl模块的行为。然后我在这里找到了一个解决方案:"SSL: CERTIFICATE_VERIFY_FAILED" Error。解决方案确实有效!!!。
回答by steamer25
macOS users: If you are using the Python 3.6 from the python.org binary installer linked on this page, please carefully read the Important Information displayed during installation; this information is also available after installation by clicking on /Applications/Python 3.6/ReadMe.rtf. There is important information there about changes in the 3.6.0 installer-supplied Python, particularly with regard to SSL certificate validation.
macOS 用户:如果您使用的是本页链接的 python.org 二进制安装程序中的 Python 3.6,请仔细阅读安装过程中显示的重要信息;通过单击 /Applications/Python 3.6/ReadMe.rtf 也可以在安装后获得此信息。那里有关于 3.6.0 安装程序提供的 Python 中的更改的重要信息,特别是关于 SSL 证书验证。
https://www.python.org/downloads/release/python-360/
https://www.python.org/downloads/release/python-360/
From ReadMe.rtf at the time of this writing:
在撰写本文时来自 ReadMe.rtf:
Certificate verification and OpenSSL
NEWThis variant of Python 3.6 now includes its own private copy of OpenSSL 1.0.2. Unlike previous releases, the deprecated Apple-supplied OpenSSL libraries are no longer used. This also means that the trust certificates in system and user keychains managed by the Keychain Access application and the security command line utility are no longer used as defaults by the Python ssl module. For 3.6.0, a sample command script is included in /Applications/Python 3.6 to install a curated bundle of default root certificates from the third-party certifi package (https://pypi.python.org/pypi/certifi). If you choose to use certifi, you should consider subscribing to the project's email update service to be notified when the certificate bundle is updated.
The bundled pip included with the Python 3.6 installer has its own default certificate store for verifying download connections.
证书验证和 OpenSSL
新Python 3.6 的这个变体现在包括它自己的 OpenSSL 1.0.2 私有副本。与以前的版本不同,不再使用已弃用的 Apple 提供的 OpenSSL 库。这也意味着由钥匙串访问应用程序和安全命令行实用程序管理的系统和用户钥匙串中的信任证书不再被 Python ssl 模块用作默认值。对于 3.6.0,/Applications/Python 3.6 中包含一个示例命令脚本,用于从第三方 certifi 包 ( https://pypi.python.org/pypi/certifi) 安装精选的默认根证书包。如果您选择使用 certifi,您应该考虑订阅项目的电子邮件更新服务,以便在证书包更新时收到通知。
Python 3.6 安装程序附带的捆绑 pip 有自己的默认证书存储,用于验证下载连接。
回答by peaxol
In boto3, if you are using the s3 client, use verify=False when creating the s3 client. For eg:
在 boto3 中,如果您使用的是 s3 客户端,则在创建 s3 客户端时使用 verify=False。例如:
s3 = boto3.client('s3', verify=False)
As mentioned on boto3 documentation, this only turns off validation of SSL certificates. SSL will still be used (unless use_ssl is False), but SSL certificates will not be verified.
正如 boto3 文档中提到的,这只会关闭 SSL 证书的验证。仍将使用 SSL(除非 use_ssl 为 False),但不会验证 SSL 证书。
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/core/session.html
https://boto3.amazonaws.com/v1/documentation/api/latest/reference/core/session.html
回答by saptarshi
add verify=False
添加验证=假
boto3.resource(
"s3",
endpoint_url=<URL>,
aws_access_key_id=<ID>,
aws_secret_access_key=<Key>,
verify=False
)
