我遇到了一个与这里讨论的问题非常相似的问题
我正在使用带有urllib3库的python 3.4。
当我测试下面的代码时,我得到:
Traceback (most recent call last):
File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 600, in urlopen
chunked=chunked)
File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 345, in _make_request
self._validate_conn(conn)
File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 844, in _validate_conn
conn.connect()
File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/packages/urllib3/connection.py", line 326, in connect
ssl_context=context)
File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/packages/urllib3/util/ssl_.py", line 324, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/usr/lib/python3.4/ssl.py", line 364, in wrap_socket
_context=self)
File "/usr/lib/python3.4/ssl.py", line 578, in __init__
self.do_handshake()
File "/usr/lib/python3.4/ssl.py", line 805, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/adapters.py", line 423, in send
timeout=timeout
File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/packages/urllib3/connectionpool.py", line 630, in urlopen
raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/julimatt/workspace2/zibawa/stack_configs/tests.py", line 44, in test_bind_grafana
result=getFromGrafanaApi(apiurl, data,'GET')
File "/home/julimatt/workspace2/zibawa/stack_configs/models.py", line 317, in getFromGrafanaApi
verify=ca_certs,
File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/sessions.py", line 609, in send
r = adapter.send(request, **kwargs)
File "/home/julimatt/zibawa3/zib3/lib/python3.4/site-packages/requests/adapters.py", line 497, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)
我的代码是:
from requests import Request, Session
ca_certs='/path/to/letsencypt/fullchain.pem'
url= 'https://myserver.com:3000/api/org'
username= settings.DASHBOARD['user']
password= settings.DASHBOARD['password']
headers = {'Accept': 'application/json',
'Content-Type' : 'application/json',}
s = Session()
req = Request('GET', url, data=data, headers=headers, auth=(username,password))
prepped = s.prepare_request(req)
resp = s.send(prepped,
verify=ca_certs,
)
print(resp.status_code)
return resp
如果我在请求中使用"verify=False"测试我的代码,那么它工作正常,但这显然不是一个安全的解决方案。
我尝试使用以下命令从同一台计算机上的终端测试我的 ssl 连接:
openssl s_client -connect myserver.com:3000 -CAfile /path/to/letsencypt/fullchain.pem
然后我得到了一个成功的握手。
所以我不明白为什么我会收到这个错误。
提前感谢您提供的任何帮助。
我不明白要使用哪个根证书,并且一直在使用中间证书。
溶液:
在letsencrypt 社区的帮助下,我从 https://www.identrust.com/certificates/trustid/root-download-x3.html 复制了 DST 根 CA X3。 我还必须将"-----开始证书-----"和"-----结束证书-----"行添加到我的文件中。 然后保存这个文件,当从python调用apis时,我能够将"ca_certs"设置为指向此文件,并且"verify_certs"现在可以工作了。