如何让 Python 请求信任自签名 SSL 证书?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/30405867/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to get Python requests to trust a self signed SSL certificate?
提问by Matthew Moisen
import requests
data = {'foo':'bar'}
url = 'https://foo.com/bar'
r = requests.post(url, data=data)
If the URL uses a self signed certificate, this fails with
如果 URL 使用自签名证书,则会失败
requests.exceptions.SSLError: [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
I know that I can pass Falseto the verifyparameter, like this:
我知道我可以传递False给verify参数,如下所示:
r = requests.post(url, data=data, verify=False)
However, what I would like to do is point requests to a copy of the public key on disk and tell it to trust that certificate.
但是,我想做的是将请求指向磁盘上的公钥副本并告诉它信任该证书。
采纳答案by krock
try:
尝试:
r = requests.post(url, data=data, verify='/path/to/public_key.pem')
回答by Dr. Jan-Philip Gehrcke
With the verifyparameter you can provide a custom certificate authority bundle
使用该verify参数,您可以提供自定义证书颁发机构包
requests.get(url, verify=path_to_bundle_file)
From the docs:
从文档:
You can pass
verifythe path to a CA_BUNDLE file with certificates of trusted CAs. This list of trusted CAs can also be specified through the REQUESTS_CA_BUNDLE environment variable.
您可以将
verify路径传递到带有受信任 CA 证书的 CA_BUNDLE 文件。这个受信任的 CA 列表也可以通过 REQUESTS_CA_BUNDLE 环境变量指定。
回答by Mike N
The easiest is to export the variable REQUESTS_CA_BUNDLEthat points to your private certificate authority, or a specific certificate bundle. On the command line you can do that as follows:
最简单的方法是导出REQUESTS_CA_BUNDLE指向您的私有证书颁发机构或特定证书包的变量。在命令行上,您可以按如下方式执行此操作:
export REQUESTS_CA_BUNDLE=/path/to/your/certificate.pem
python script.py
If you have your certificate authority and you don't want to type the exporteach time you can add the REQUESTS_CA_BUNDLEto your ~/.bash_profileas follows:
如果你有你的证书颁发机构,您不想输入export您可以添加每次REQUESTS_CA_BUNDLE你~/.bash_profile如下:
echo "export REQUESTS_CA_BUNDLE=/path/to/your/certificate.pem" >> ~/.bash_profile ; source ~/.bash_profile
回答by Halbert Stone
Case where multiple certificates are needed was solved as follows: Concatenate the multiple root pem files, myCert-A-Root.pem and myCert-B-Root.pem, to a file. Then set the requests REQUESTS_CA_BUNDLE var to that file in my ./.bash_profile.
需要多个证书的情况如下解决:将多个根 pem 文件 myCert-A-Root.pem 和 myCert-B-Root.pem 连接到一个文件中。然后将请求 REQUESTS_CA_BUNDLE var 设置为我的 ./.bash_profile 中的那个文件。
$ cp myCert-A-Root.pem ca_roots.pem
$ cat myCert-B-Root.pem >> ca_roots.pem
$ echo "export REQUESTS_CA_BUNDLE=~/PATH_TO/CA_CHAIN/ca_roots.pem" >> ~/.bash_profile ; source ~/.bash_profile
回答by Mat Schaffer
Incase anyone happens to land here (like I did) looking to add a CA (in my case Charles Proxy) for httplib2, it looks like you can append it to the cacerts.txtfile included with the python package.
如果有人碰巧来到这里(就像我一样)希望为 httplib2 添加 CA(在我的例子中是 Charles Proxy),看起来您可以将它附加到cacerts.txtpython 包中包含的文件中。
For example:
例如:
cat ~/Desktop/charles-ssl-proxying-certificate.pem >> /usr/local/google-cloud-sdk/lib/third_party/httplib2/cacerts.txt
The environment variables referenced in other solutions appear to be requests-specific and were not picked up by httplib2 in my testing.
其他解决方案中引用的环境变量似乎是特定于请求的,并且在我的测试中没有被 httplib2 选取。
回答by gizzmole
Setting export SSL_CERT_FILE=/path/file.crtshould do the job.
设置export SSL_CERT_FILE=/path/file.crt应该可以完成这项工作。
回答by gan
You may try:
你可以试试:
settings = s.merge_environment_settings(prepped.url, None, None, None, None)
You can read more here: http://docs.python-requests.org/en/master/user/advanced/
您可以在此处阅读更多信息:http: //docs.python-requests.org/en/master/user/advanced/
