Python请求“证书验证失败”
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/18999517/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Python requests "certificate verify failed"
提问by Garrett Smith
I'm maintaining a Python mini-app that uses requests + HTTPS.
我正在维护一个使用请求 + HTTPS 的 Python 迷你应用程序。
The app worked until the IP address of the hostname in the HTTPS URL changed (legitimately). If I point my browser to the URL I can retrieve it fine.
该应用程序一直运行,直到 HTTPS URL 中主机名的 IP 地址发生变化(合法)。如果我将浏览器指向 URL,我可以很好地检索它。
Where does Python/requests keep the analog of ssh's known_hosts and how do I clear it for this host?
Python/requests 在哪里保存 ssh 的 known_hosts 的模拟,我如何为这个主机清除它?
$ python --version
Python 2.7.3
$ cat foo.py
import requests
url = "https://somehost/resource.json"
requests.get(url, timeout=5, config={'danger_mode': True})
$ source venv/bin/activate
$ python foo.py
Traceback (most recent call last):
File "foo.py", line 3, in <module>
requests.get(url, timeout=5, config={'danger_mode': True})
File "/home/dfukdev/corsair-scripts/alfred/venv/local/lib/python2.7/site-packages/requests/api.py", line 65, in get
return request('get', url, **kwargs)
File "/home/dfukdev/corsair-scripts/alfred/venv/local/lib/python2.7/site-packages/requests/safe_mode.py", line 39, in wrapped
return function(method, url, **kwargs)
File "/home/dfukdev/corsair-scripts/alfred/venv/local/lib/python2.7/site-packages/requests/api.py", line 51, in request
return session.request(method=method, url=url, **kwargs)
File "/home/dfukdev/corsair-scripts/alfred/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 241, in request
r.send(prefetch=prefetch)
File "/home/dfukdev/corsair-scripts/alfred/venv/local/lib/python2.7/site-packages/requests/models.py", line 641, in send
raise SSLError(e)
requests.exceptions.SSLError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
采纳答案by Ian Stapleton Cordasco
You're using an ancient version of requests. You'll get a more helpful message if you upgrade to 2.0 and if your site has a certificate mismatch you may be able to fix it by specifying the system certificates which will be able to verify an intermediate certificate. You can also just have requests not verify your certificate as Andre suggested.
您正在使用旧版本的请求。如果您升级到 2.0,并且您的站点的证书不匹配,您将收到一条更有用的消息,您可以通过指定能够验证中间证书的系统证书来修复它。您也可以像安德烈建议的那样,让请求不验证您的证书。
回答by Garrett Smith
It turned out that during the server upgrade mentioned in the question an incorrectly-signed certificate was installed. HTTPS in the browser worked because of the root certificate differences between the Windows browser machine and Ubuntu Python client. HTTPS via a browser from the same Ubuntu machine on which Python was run revealed the certificate problem details.
事实证明,在问题中提到的服务器升级期间,安装了签名不正确的证书。由于 Windows 浏览器机器和 Ubuntu Python 客户端之间的根证书差异,浏览器中的 HTTPS 有效。来自运行 Python 的同一台 Ubuntu 机器上的浏览器通过 HTTPS 显示了证书问题的详细信息。
The IP change had little to do with the problem except to confuse things.
除了混淆事物之外,IP 更改与问题几乎没有关系。
Promoting my comment to an answer as:
将我的评论提升为答案:
- this answered my question
- this question is getting enough traffic I'd like to share the knowledge.
- 这回答了我的问题
- 这个问题获得了足够的流量,我想分享知识。
回答by Christopher
If the above doesn't work, and you find out it is local, then this solution worked for me...
如果上述方法不起作用,并且您发现它是本地的,那么此解决方案对我有用...
Essentially run the Install Certificates.command file within Python folder.
基本上运行 Python 文件夹中的 Install Certificates.command 文件。
