小贝子编程

ssl.SSLCertVerification错误:证书验证失败:无法获取本地颁发者证书(_ssl.c:1108)



我使用下面的代码来实现单向身份验证,文件ca.crt由服务器生成

import ssl
import urllib.request
CERT_CA = './ca.crt'
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
context.check_hostname = False
context.load_verify_locations(CERT_CA)
context.verify_mode = ssl.CERT_REQUIRED
server_api = 'https://xxxxxxxx'
request = urllib.request.Request(server_api, method='GET')
resp = urllib.request.urlopen(request, context=context)

但是得到一个例外:

Traceback (most recent call last):
File "/usr/local/lib/python3.8/urllib/request.py", line 1319, in do_open
h.request(req.get_method(), req.selector, req.data, headers,
File "/usr/local/lib/python3.8/http/client.py", line 1230, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/local/lib/python3.8/http/client.py", line 1276, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/local/lib/python3.8/http/client.py", line 1225, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/local/lib/python3.8/http/client.py", line 1004, in _send_output
self.send(msg)
File "/usr/local/lib/python3.8/http/client.py", line 944, in send
self.connect()
File "/usr/local/lib/python3.8/http/client.py", line 1399, in connect
self.sock = self._context.wrap_socket(self.sock,
File "/usr/local/lib/python3.8/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/usr/local/lib/python3.8/ssl.py", line 1040, in _create
self.do_handshake()
File "/usr/local/lib/python3.8/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "tst.py", line 20, in <module>
resp = urllib.request.urlopen(request, context=context)
File "/usr/local/lib/python3.8/urllib/request.py", line 222, in urlopen
return opener.open(url, data, timeout)
File "/usr/local/lib/python3.8/urllib/request.py", line 525, in open
response = self._open(req, data)
File "/usr/local/lib/python3.8/urllib/request.py", line 542, in _open
result = self._call_chain(self.handle_open, protocol, protocol +
File "/usr/local/lib/python3.8/urllib/request.py", line 502, in _call_chain
result = func(*args)
File "/usr/local/lib/python3.8/urllib/request.py", line 1362, in https_open
return self.do_open(http.client.HTTPSConnection, req,
File "/usr/local/lib/python3.8/urllib/request.py", line 1322, in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)>

certifi==2020.6.20和urllib3==1.25.10

我该如何解决这个问题,请求需要身份验证,所以请不要使用类似verify=False的东西。

非常感谢

问题解决了,因为我使用了错误的服务器主机地址。上面的代码对于单向身份验证情况是有效的

我已经能够通过使用我从网络管理员那里请求的ca捆绑包来解决这个问题。这被映射到REQUESTS_CA_BUNDLE环境变量:

# .bashrc
export REQUESTS_CA_BUNDLE=/path/to/cacert.pem

重新启动您的终端并再次尝试pip install

相关内容

  • 没有找到相关文章

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium