个人中心
gpt4 book ai didi

python - 通过 Python 和请求调用 URL 时 SSL 超时

转载 作者:太空宇宙 更新时间:2023-11-03 14:47:32 24 4
gpt4 key购买 nike

我遇到了以下情况:当从 Python 和 requests 调用 HTTPS 链接时,我在我的 Ubuntu 笔记本电脑以及我尝试过的 Linux 上遇到超时VirtualBox 和另一台笔记本电脑。但是,相同的 Python 代码在 Windows 7、Mac OS X 和最新的 FreeBSD 上返回有效响应。这个问题大约在两周前出现,我怀疑这可能是因为服务器上发生了某些更改,这只影响了 Linux 网络堆栈。欢迎任何想法为什么会发生以及如何解决它。

下面是详细信息。

  • 我用过的Python版本:最新,2.7.11
  • 请求版本:2.10
  • 我尝试过的操作系统:Ubuntu 16.04、Ubuntu 15.10、Fedora 23、CentOS 6、Windows 7、FreeBSD、Mac OS X。

注:以下所有重要数据均因保密协议(protocol)而被跳过。

实际失败的 Python 代码:

import requests
import logging
import httplib as http_client
import ssl


http_client.HTTPConnection.debuglevel = 1

logging.basicConfig()
logging.getLogger().setLevel(logging.DEBUG)
requests_log = logging.getLogger("requests.packages.urllib3")
requests_log.setLevel(logging.DEBUG)
requests_log.propagate = True

url = 'https://subdomain.example1.com/products/12345'
cert = ('example.pem', 'example.key')
response = requests.get(url=url,
                        params={'locale': 'en_US'},
                        headers={'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'application/json'},
                        timeout=10.0,
                        cert=cert,
                        verify=False,
                        cookies=None)
print response

在 Linux 上运行上述代码的结果:

$ python req.py 
INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): subdomain.example1.com
Traceback (most recent call last):
  File "req.py", line 23, in <module>
    cookies=None)
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 67, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 449, in send
    raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: HTTPSConnectionPool(host='subdomain.example1.com', port=443): Read timed out. (read timeout=10.0)

相同代码在超时设置为 300.0 的 Linux 上的结果:

$ python req.py 
INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): subdomain.example1.com
Traceback (most recent call last):
  File "req.py", line 23, in <module>
    cookies=None)
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 67, in get
    return request('get', url, params=params, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 468, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 447, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_read_bytes', 'sslv3 alert unexpected message')],)",)

从 FreeBSD 中获取的正确的 Python 代码运行结果:

$ python req.py  
INFO:requests.packages.urllib3.connectionpool:Starting new HTTPS connection (1): subdomain.example1.com
/usr/local/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py:821: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)
send: 'GET /products/12345?locale=en_US HTTP/1.1\r\nHost: subdomain.example1.com\r\nConnection: keep-alive\r\nAccept-Encoding: gzip, deflate\r\nAccept: application/json\r\nUser-Agent: python-requests/2.10.0\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Server: Apache-Coyote/1.1
header: Cache-Control: private
header: Expires: Wed, 31 Dec 1969 17:00:00 MST
header: Content-Type: application/json;charset=UTF-8
header: Transfer-Encoding: chunked
header: Date: Thu, 09 Jun 2016 16:13:37 GMT
DEBUG:requests.packages.urllib3.connectionpool:"GET /products/12345?locale=en_US HTTP/1.1" 200 None
<Response [200]>

来自 openssl 的尝试:

$ openssl s_client -connect subdomain.example1.com:443 -cert example.pem -key example.key
CONNECTED(00000003)
depth=2 CN = Root.Example2.com
verify return:1
depth=1 DC = com, DC = example3, CN = ca-example3
verify return:1
depth=0 ST = Colorado, L = Boulder, O = Example4.com, OU = WebOps, CN = *.example1.com
verify return:1
139622025893528:error:140943F2:SSL routines:ssl3_read_bytes:sslv3 alert unexpected message:s3_pkt.c:1472:SSL alert number 10
139622025893528:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
Certificate chain
 0 s:/ST=Colorado/L=Boulder/O=Example4.com/OU=WebOps/CN=*.example1.com
   i:/DC=com/DC=example3/CN=ca-example3
---
Server certificate
-----BEGIN CERTIFICATE-----
........ SKIPPED .........                                                                                                                                                                                                              
-----END CERTIFICATE-----                                                                                                                                                                                                                                                      
subject=/ST=Colorado/L=Boulder/O=Example4.com/OU=WebOps/CN=*.example1.com                                                                                                                                                                                                          
issuer=/DC=com/DC=example3/CN=ca-example3                                                                                                                                                                                                                            
---                                                                                                                                                                                                                                                                            
Acceptable client certificate CA names                                                                                                                                                                                                                                         
/O=Example4.com/OU=WebOps/CN=cl_ABCDEFGHI                                                                                                                                                                                                                                      
/O=Example4.com/OU=WebOps/CN=cl_QWERTYUIO                                                                                                                                                                                                                                      
/CN=Root.Example2.com
/DC=com/DC=example3/CN=ca-example3
/O=Example4.com/OU=WebOps/CN=cl_ASDFGHJKL
/O=Example4.com/OU=WebOps/CN=cl_ZXCVBNabc
/O=Example4.com/OU=WebOps/CN=cl_poiuytrew
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1:RSA+MD5
Shared Requested Signature Algorithms: ECDSA+SHA512:RSA+SHA512:ECDSA+SHA384:RSA+SHA384:ECDSA+SHA256:RSA+SHA256:ECDSA+SHA224:RSA+SHA224:ECDSA+SHA1:RSA+SHA1:DSA+SHA1
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2573 bytes and written 4570 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 57591435C56B9FDFXXXBB896F8140E7B72EE07A2ACDB0446F0AB04C5D2928FD1
    Session-ID-ctx: 
    Master-Key: F830C1F0330391B5XXX3E58F07C23D7A8C2020F824C0C4389D798CCA16A6AD5D556881671001A7DD6641AC4739BE2E28
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1465455669
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

主机似乎有效,我能够 ping 它,来自任何操作系统的 openssl 调用,包括 Linux 机器显示它是事件的并响应请求。

提前致谢。

最佳答案

问题似乎是由跨多个版本使用 nat 网络时 virtualbox 中的错误引起的。根据this issue , 该错误已在 5.1.10 版本中修复。但是我在 Windows 主机上的 Virtual Box 5.1.12 中遇到了同样的问题。

关于python - 通过 Python 和请求调用 URL 时 SSL 超时,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/37731685/

24 4 0
文章推荐: c# - SSL 证书 : A specified logon session does not exist
文章推荐: c# - 使用 C# 在投票中发布多项选择
文章推荐: Apache proxypass 不允许 HTTP_POST
文章推荐: Python Numpy 编码库
太空宇宙
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com