- c - 在位数组中找到第一个零
- linux - Unix 显示有关匹配两种模式之一的文件的信息
- 正则表达式替换多个文件
- linux - 隐藏来自 xtrace 的命令
注意事项:
versions
Python 2.7.11 and my requests version is '2.10.0'
'OpenSSL 1.0.2d 9 Jul 2015'
Please read the below comment by Martijn Pieters before reproducing
最初我尝试使用如下代码从 https://www.neco.navy.mil/necoattach/N6945016R0626_2016-06-20__INFO_NAS_Pensacola_Base_Access.docx
获取 pdf
代码1:
>>> import requests
>>> requests.get("https://www.neco.navy.mil/necoattach/N6945016R0626_2016-06-20__INFO_NAS_Pensacola_Base_Access.docx",verify=False)
错误:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\api.py", line 67, in get
return request('get', url, params=params, **kwargs)
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\api.py", line 53, in request
return session.request(method=method, url=url, **kwargs)
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\sessions.py", line 468, in request
resp = self.send(prep, **send_kwargs)
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\sessions.py", line 576, in send
r = adapter.send(request, **kwargs)
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\adapters.py", line 447, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: SysCallError(10054, 'WSAECONNRESE
T')",)
经过google和搜索我发现你已经使用了SSL验证并且使用session with adapters可以解决问题。但是我仍然有错误,请在下面找到代码和错误
代码2:
import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager
import ssl
import traceback
class MyAdapter(HTTPAdapter):
def init_poolmanager(self, connections, maxsize, block=False):
self.poolmanager = PoolManager(num_pools=connections,
maxsize=maxsize,
block=block,
ssl_version=ssl.PROTOCOL_TLSv1)
s = requests.Session()
s.mount('https://', MyAdapter())
print "Mounted "
r = s.get("https://www.neco.navy.mil/necoattach/N6945016R0626_2016-06-20__INFO_NAS_Pensacola_Base_Access.docx", stream=True, timeout=120)
错误:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\sessions.py", line 480, in get
return self.request('GET', url, **kwargs)
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\sessions.py", line 468, in request
resp = self.send(prep, **send_kwargs)
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\sessions.py", line 576, in send
r = adapter.send(request, **kwargs)
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\adapters.py", line 447, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: SysCallError(10054, 'WSAECONNRESET')",)
最佳答案
首先,我确认无法从任何地方访问主机 www.neco.navy.mil
。从某些网络(地理位置)它可以工作*,从其他网络连接只是挂起:
$ curl www.neco.navy.mil
curl: (7) couldn't connect to host
$ curl https://www.neco.navy.mil
curl: (7) couldn't connect to host
其次,当可以建立连接时出现证书问题:
$ curl -v https://www.neco.navy.mil
* Rebuilt URL to: https://www.neco.navy.mil/
* Hostname was NOT found in DNS cache
* Trying 205.85.2.133...
* Connected to www.neco.navy.mil (205.85.2.133) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
为了确保,您只需将它提供给 Qualys SSL tester :
CA(DoD 根 CA 2)不受信任。而且它不在链中。注意 OpenSSL validation process needs whole chain :
Firstly a certificate chain is built up starting from the supplied certificate and ending in the root CA. It is an error if the whole chain cannot be built up.
但只有 www.neco.navy.mil -> DODCA-28。它可能与 TLD 和额外的安全措施有关,但 C 级本身并不多 ;-)
在 Python 方面并没有太大的不同。如果您无权访问 CA,则只能完全禁用证书验证(当然,在解决连接问题之后)。如果你有它,你可以使用 cafile
。
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import urllib2
import ssl
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
r = urllib2.urlopen('https://www.neco.navy.mil/'
'necoattach/N6945016R0626_2016-06-20__INFO_NAS_Pensacola_Base_Access.docx',
timeout = 5, context = ctx)
print(len(r.read()))
r = urllib2.urlopen('https://www.neco.navy.mil/'
'necoattach/N6945016R0626_2016-06-20__INFO_NAS_Pensacola_Base_Access.docx',
timeout = 5, cafile = '/path/to/DODCA-28_and_DoD_Root_CA_2.pem')
print(len(r.read()))
要使用特定版本的 Python 进行重现,请使用如下简单的 Dockerfile:
FROM python:2.7.11
WORKDIR /opt
ADD . ./
CMD dpkg -s openssl | grep Version && ./app.py
然后运行:
docker build -t ssl-test .
docker run --rm ssl-test
关于python - SSL 错误握手错误 10054 "WSAECONNRESET",我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/38761166/
当服务器重新启动并且客户端在最后一次调用 send 函数时收到 WSAECONNRESET 错误代码时,我是否应该重新创建整个套接字?似乎我无法再次在同一个套接字上调用 connect 函数——它会一
注意事项: versions Python 2.7.11 and my requests version is '2.10.0' 'OpenSSL 1.0.2d 9 Jul 2015' Please
我有两个 WCF 服务在我的计算机 (Windows 8) 的 Windows 窗体应用程序 (C#/.NET 4) 中运行: 首次服务:https://localhost:9002 二次服务:htt
我做了一个小型 C# 服务器应用程序来测试客户端模式下的 GPRS 调制解调器。有时在工作时我得到一个 SocketException,ErrorCode 等于 10054,即 WSAECONNRES
我正在开发一个 Flash 应用程序,它需要与我的 C++ 服务器通信以进行帐户验证和状态更新等操作。我在监听特定端口的服务器上有一个非阻塞 TCP 套接字。 过程是这样的: Socket 在服务器机
“在单个 Windows PC 上使用 UDP 进行进程间通信可能会出现什么问题?”我想......并着手实现它。 但是,尽管只发送了数百个字节并且只是非常零星地发送,并且尽管 UDP 被用作无连接协
版本 Python 3.7.0 pyOpenSSL 18.0.0 requests 2.19.1 requests-fu
我是一名优秀的程序员,十分优秀!