Here's a bug in the official Python bugtrackerthat looks relevant, and has a proposed patch.

这是官方 Python 错误跟踪器中的一个错误，看起来很相关，并且有一个建议的补丁。

Because alex's answer is a link, and the code on that page is poorly formatted, I'm just going to put this here for posterity:

因为亚历克斯的回答是一个链接，而且该页面上的代码格式很差，所以我只想把它放在这里供后人使用：

import urllib2, httplib

class HTTPSClientAuthHandler(urllib2.HTTPSHandler):
    def __init__(self, key, cert):
        urllib2.HTTPSHandler.__init__(self)
        self.key = key
        self.cert = cert

    def https_open(self, req):
        # Rather than pass in a reference to a connection class, we pass in
        # a reference to a function which, for all intents and purposes,
        # will behave as a constructor
        return self.do_open(self.getConnection, req)

    def getConnection(self, host, timeout=300):
        return httplib.HTTPSConnection(host, key_file=self.key, cert_file=self.cert)

opener = urllib2.build_opener(HTTPSClientAuthHandler('/path/to/file.pem', '/path/to/file.pem.') )
response = opener.open("https://example.org")
print response.read()

Per Antoine Pitrou's response to the issue linked in Hank Gay's answer, this can be simplified somewhat (as of 2011) by using the included ssllibrary:

根据 Antoine Pitrou 对 Hank Gay 回答中链接的问题的回应，可以通过使用包含的ssl库来稍微简化（截至 2011 年）：

import ssl
import urllib.request

context = ssl.create_default_context()
context.load_cert_chain('/path/to/file.pem', '/path/to/file.key')
opener = urllib.request.build_opener(urllib.request.HTTPSHandler(context=context))
response = opener.open('https://example.org')
print(response.read())

(Python 3 code, but the ssllibrary is also available in Python 2).

（Python 3 代码，但该ssl库在 Python 2 中也可用）。

The load_cert_chainfunction also accepts an optional password parameter, allowing the private key to be encrypted.

该load_cert_chain函数还接受一个可选的密码参数，允许对私钥进行加密。

check http://www.osmonov.com/2009/04/client-certificates-with-urllib2.html

检查http://www.osmonov.com/2009/04/client-certificates-with-urllib2.html