Python: SSLError("bad handshake") when trying to access resources Custom Certificates and Requests

Note: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/47208466/

Date: 2020-08-19 18:04:41  Source: igfitidea


Asked by lopow

I want to program webservices to exchange data in Python using Zeep. I can access services only with my certificate. I have a PFX certificate, but I converted it to two .pem files.

My code:

from zeep import Client
from zeep.wsse.signature import Signature
import requests
from requests import Session

# Client certificate and private key converted from the PFX
key_filename = '/.files/cert.key.pem'
cert_filename = './files/cert.crt.pem'
session = Session()
# cert= presents the client certificate; server verification uses the default CA store
r = requests.get('https:...../PingWs?wsdl',
                 cert=(cert_filename, key_filename))
print(r)

But I get

raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='evidim-test.gov.si', port=443): Max retries exceeded with url: /ws/test/PingWs?wsdl (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

Answered by sshussain270

It's an issue you will have to resolve by whitelisting the CA certificate used to sign the remote server certificate you are trying to connect to from your system settings. But for the purposes of testing out only, you can turn off the verification using:

r = requests.get('https:...../PingWs?wsdl', verify=False)

Don't use this in production.

Hope it helps!

Answered by Sam Hartman

This error almost certainly means that the remote endpoint is not signed with a certificate in your local certificate authority store. You have two options:

  • Install the certificate in the CA store that requests uses. By default this is your local system CA store, at least as well as it can be determined by requests.

  • Configure a different set of certificates to be used on a requests session object.

As an example:

import requests.sessions

photon_requests_session = requests.sessions.Session()
photon_requests_session.verify = "/etc/photon/cacerts.pem"

Then I need to make sure that the server CA certificate is in /etc/photon/cacerts.pem. I use this like:

r = photon_requests_session.get(url)
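
Added example (not part of the original question or answers): one way to put the CA bundle from the answer above and the client certificate and key from the question on a single session, with the checks that catch the usual PFX-conversion mistakes before any handshake. The helper name `build_mtls_session` and the file checks are assumptions for illustration; the Zeep wiring is shown only as a comment.

```python
import os
import requests


def build_mtls_session(ca_bundle, client_cert, client_key):
    """Session that verifies the server against ca_bundle and presents a client cert.

    build_mtls_session is a hypothetical helper name, not a requests or zeep API.
    """
    for label, path in (("CA bundle", ca_bundle),
                        ("client certificate", client_cert),
                        ("client key", client_key)):
        if not os.path.isfile(path):
            raise FileNotFoundError(f"{label} not found: {path}")

    # The bundle must hold at least one PEM certificate (the server's issuing CA).
    with open(ca_bundle, encoding="ascii", errors="replace") as fh:
        if "-----BEGIN CERTIFICATE-----" not in fh.read():
            raise ValueError(f"no PEM certificate in CA bundle: {ca_bundle}")

    # A PFX converted without removing the passphrase yields an encrypted key;
    # requests does not support encrypted private keys.
    with open(client_key, encoding="ascii", errors="replace") as fh:
        if "ENCRYPTED" in fh.read():
            raise ValueError(f"client key is passphrase-protected: {client_key}")

    session = requests.Session()
    session.verify = ca_bundle                 # trust anchor for the server's chain
    session.cert = (client_cert, client_key)   # client identity sent in the handshake
    return session


# With Zeep, the same session is handed to the transport:
#   from zeep import Client
#   from zeep.transports import Transport
#   session = build_mtls_session(ca_path, cert_path, key_path)
#   client = Client(wsdl_url, transport=Transport(session=session))
```

Server verification stays enabled throughout, so a remaining "certificate verify failed" error points at the contents of the bundle rather than at the client certificate.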

Answered by oroel

Check that your time and date are correct. SSL can give problems if not.