查看更新
我正在尝试使用自签名证书向 Web 服务器发送请求(在非自签名的站点上工作正常(,但不断收到错误:
SSLEOFERROR EOF occurred in violation of protocol
相反,在使用请求时,Python 的非异步 http 客户端将 ssl_verify 设置为 false 允许成功连接到服务器。但是,异步 http 客户端询问,缺少这样的功能,我收到 SSLEOFERROR。
Ask 允许接受自定义的 SSL。SSLContext 对象,但经过多次尝试,甚至将自签名证书添加到我的本地密钥库,没有任何结果导致连接成功,错误保持不变。
import asks
import trio
from asks.sessions import Session
url_list = ['facebook.com', 'https://example.com']
results=[]
ssl_context=ssl.SSLContext()
ssl_context.verify_mode=ssl.CERT_NONE
ssl_context.check_hostname = False
async def grabber(s,url):
r=await s.get(path='/'+url)
results.append(r)
async def main(url_list)
s = Session(connections=2,ssl_context=ssl_context)
s.base_location='https://self-signedcert-site/'
s.endpoint='path/to/restapi'
async with trio.open_nursery() as n:
for url in url_list:
n.start_soon(grabber, s, url)
trio.run(main,url_list)
结果如下(手动键入的回溯..无法从错误计算机共享/粘贴(开始 SSLEOFERROR 回溯:
Traceback (most recent call last):
line 463 in _retry
ret = fn(*args)
line 718 in read
v= self._sslobj.read(len)
ssl.SSLEOFError: EOF occured in violation of protocol (_ssl.c:2508)
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
line 90, in runcode
exec(code, self.locals)
File "<input>", line 28, in <module> run.py line 1783 in run
raise runner.main_task_outcome.error
file"<input>", line 26 in main
file _run.py, line 725, in __aexit__
raise combined error_from_nursery
file"<input>", line 15 in grabber
File "asks/sessions.py", line 253, in _handle_exception
raise e
File ...askssessions.py" , line 186 in request
sock,r = await req_obj.make_request()
file ...request_object.py ", line 217 in make_request
response obj=await self._request_io(req, req_body, hconnection)
file ..request_object.py", line 254 in _request_io
response_obj = await
self._catch_response(hcconection)
file ..request_object.py", line 596, in _catch_response
data=await self._recv_event(hcconection)
file "...request_object.py", line 618, in _recv_event
(await asynclib.recv(self.sock,10000)))
File "..._event_loop_wrappers.py", line 47 in trio_receive_some
return await sock.receive_some(max_bytes)
file "..._ssl.py" line 657 in receive_some
return await self._retry(self._ssl_object.read, max_bytes)
File"....trio_ssl.py", line 468 in _retry
raise trio.BrokenResourceerror from exc
Trio.BrokenResourceError
更新我已经确定了一些事情。
如果我不使用会话对象,我只使用asks.get()我能够看到响应中的粒度变化:
问图书馆
SSLEOFERROR:[通过使用 pip 安装询问修复的错误 - conda-forge 正在运行 3 个版本]
asks.get('https://url', auth=BasicAuth(usr_pw))
无效的 HTTP 响应错误:
asks.get('https:url/rest/api/path',auth=BasicAuth(usr_pw))
页面正文按预期返回:
asks.get('https://google.com')
请求库
页面正文按预期返回:
requests.get('https://url', auth=HTTPBasicAuth=(usr_pw),verify=false)
按预期从 API 返回的正确响应:
requests.get('https:url/rest/api/path', auth=HTTPBasicAuth=(usr_pw))
考虑到我能够生成另一种类型的错误(无效的http响应(,我为此添加了更多回溯开始无效的 HTTP 响应回溯:
[完整路径已编辑]
File "....askssessions.py", line 185, in request
sock, r = await req_obj.make_request()
file ....asksrequest_object.py", line 214, in make_request
response_obj = await self._request_io(req, req_body, h11_connection)
file "...asksrequest_object.py", line 251, in _request_io
response_obj = await self._catch_response(h11_connection)
file"...asksrequest_object.py", line 599, in _catch_response
assert isinstance(endof, h11.EndOfMessage)
AssertionError
The above exception was the direct cause of the following exception
[some output redacted]
file "...trio_core_run.py", in 1783, in run
raise runner.main_task_outcome.error
file "...my_script_thats_having_this_error, line 33, in main
n.start_soon(grabber,s)
File"....trio_core_run.py", line 725 in __aexit__
raise combined_error_from_nursery
File "...my_script_thats_having_this_error, line 30 in request
r = await s.request(method, url=uri, **kwargs)
File "...askssessions.py", line 215, in request
await self._handle_exception(e,sock)
File "...askssessions.py", line 253, in _handle_exception
raise BadHttpResponse('invalid HTTP response from server. ') from e asks.errors.BadHttpResponse: Invalid HTTP response from server.
我尝试使用asksv2.3.5连接到具有自签名证书的站点,它成功了:
>>> trio.run(asks.get, "https://self-signed.badssl.com")
<Response 200 OK>
这是一个严重的错误...这意味着 Ask 实际上默认设置了相当于verify=False。我希望询问将在未来几天内紧急发布以解决此问题。请参阅:https://github.com/theelous3/asks/issues/134 [编辑:此问题已在 ask v2.3.6 中修复。
但是回到你的问题!鉴于默认情况下询问确实verify=False,我认为自签名证书不会引起您的问题。无论如何,自签名证书应该引起SSLCertVerificationError,而不是SSLEOFError。
不幸的是,我认为这里没有足够的信息来弄清楚您的实际问题是什么:-(。SSLEOFError异常意味着服务器突然关闭其连接。也许握手出了点问题?也许询问和请求被配置为提供一组不同的密码套件,而服务器不喜欢询问的产品?这些是疯狂的猜测:-/。接下来我可能会尝试wireshark,以了解实际发生了什么。