Python 请求获取 SSLerror

Question

尝试使用 Requests session 发出简单的获取请求，但我不断收到特定站点的 SSLerror。我认为问题可能出在网站上(我使用 https://www.ssllabs.com 进行了扫描，结果如下所示)，但我不能确定，因为我对这方面一无所知 :) 我很想了解发生了什么.

一个解决方案/解释会很棒，谢谢!

代码:

import requests

requests.get('https://www.reporo.com/')

我遇到下一个错误:

SSLError: [Errno bad handshake] [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]

---------------------------------------------------------------------------
SSLError                                  Traceback (most recent call last)
<ipython-input-7-cfc21b287fee> in <module>()
----> 1 requests.get('https://www.reporo.com/')

/usr/local/lib/python2.7/dist-packages/requests/api.pyc in get(url, **kwargs)
     63 
     64     kwargs.setdefault('allow_redirects', True)
---> 65     return request('get', url, **kwargs)
     66 
     67 

/usr/local/lib/python2.7/dist-packages/requests/api.pyc in request(method, url, **kwargs)
     47 
     48     session = sessions.Session()
---> 49     response = session.request(method=method, url=url, **kwargs)
     50     # By explicitly closing the session, we avoid leaving sockets open which
     51     # can trigger a ResourceWarning in some cases, and look like a memory leak

/usr/local/lib/python2.7/dist-packages/requests/sessions.pyc in request(self, method, url, params, data, headers, cookies, files, auth, timeout, allow_redirects, proxies, hooks, stream, verify, cert, json)
    459         }
    460         send_kwargs.update(settings)
--> 461         resp = self.send(prep, **send_kwargs)
    462 
    463         return resp

/usr/local/lib/python2.7/dist-packages/requests/sessions.pyc in send(self, request, **kwargs)
    571 
    572         # Send the request
--> 573         r = adapter.send(request, **kwargs)
    574 
    575         # Total elapsed time of the request (approximately)

/usr/local/lib/python2.7/dist-packages/requests/adapters.pyc in send(self, request, stream, timeout, verify, cert, proxies)
    429         except (_SSLError, _HTTPError) as e:
    430             if isinstance(e, _SSLError):
--> 431                 raise SSLError(e, request=request)
    432             elif isinstance(e, ReadTimeoutError):
    433                 raise ReadTimeout(e, request=request)

SSLError: [Errno bad handshake] [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')]

我在 https://www.ssllabs.com 进行了扫描并得到以下内容:

SSL Report: reporo.com
Assessed on:  Sun Feb 22 21:42:57 PST 2015 | Clear cache Scan Another >>

    Server  Domain(s)   Test time   Grade
1   154.51.128.13 
Certificate not valid for domain name 
reporo.com
Sun Feb 22 21:40:53 PST 2015 
Duration: 9.167 sec -
2   198.12.15.168 
protected.ddosdefend.com 
Ready 
www.reporo.com

Sun Feb 22 21:41:02 PST 2015 
Duration: 115.189 sec   
F

Answer 1

www.reporo.com(不是 reporo.com)的证书本身是有效的，但它缺少链式证书，如 ssllabs 的报告所示。 :

Chain issues    Incomplete
....
2   Extra download  Thawte DV SSL CA 
Fingerprint: 3ca958f3e7d6837e1c1acf8b0f6a2e6d487d6762 

“不完整”和“额外下载”是重点。一些浏览器将缓存丢失的链证书，其他浏览器将进行下载，而其他浏览器将失败。如果您使用新的 Firefox 配置文件(没有缓存任何证书)尝试该站点，它也会失败。

您可以下载丢失的链证书并将其用作受信任的 CA 证书，并带有请求的 verify 参数。不要只是禁用验证，因为这样您就容易受到中间人攻击。

分步说明:

• 在 https://ssl-tools.net/certificates/vqgvhb-thawte-dv-ssl-ca 下载丢失的证书(通过搜索 SSLLabs 报告中给出的指纹找到)。下载 PEM 格式的文件，即 https://ssl-tools.net/certificates/3ca958f3e7d6837e1c1acf8b0f6a2e6d487d6762.pem .
• 在 https://ssl-tools.net/certificates/91c6d6ee3e8ac86384e548c299295c756c817b81.pem 下载根证书(也是通过搜索指纹找到的)。
• 将两个文件合并到一个新文件 chain.pem 中。确保每个文件确实以有效的行尾字符结尾(它们不是下载的)。生成的文件应该看起来是 like this .

• 将您的调用修改为

  requests.get('https://www.reporo.com/', verify = 'chain.pem')