个人中心
gpt4 book ai didi

python - curl --cacert vs python请求验证

转载 作者:行者123 更新时间:2023-12-04 22:36:51 25 4
gpt4 key购买 nike

我正在尝试通过 https 连接到使用非官方 CA 的网站。由于某种原因,它适用于 curl 但不适用于 python 请求。
请参阅下面的示例

Python 3.8.0 (default, Oct 30 2019, 11:47:54) 
Type 'copyright', 'credits' or 'license' for more information
IPython 7.9.0 -- An enhanced Interactive Python. Type '?' for help.

In [1]: import requests 

In [2]: requests.__version__ 
Out[2]: '2.22.0'

In [3]: cert = "..." 

In [4]: url = "..." 

In [5]: !curl --cacert {cert} {url} 
{"status":200}

In [6]: requests.get(url,verify=cert) 
---------------------------------------------------------------------------
SSLCertVerificationError Traceback (most recent call last)
...
SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1108)

During handling of the above exception, another exception occurred:

MaxRetryError: HTTPSConnectionPool(host='...', port=443): Max retries exceeded with url: ... (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1108)')))

During handling of the above exception, another exception occurred:

SSLError Traceback (most recent call last)
...

SSLError: HTTPSConnectionPool(host='...', port=443): Max retries exceeded with url: ... (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get issuer certificate (_ssl.c:1108)')))
我究竟做错了什么?为什么它的行为不同?
- 编辑 -
curl 肯定在使用这个证书,没有它 curl 失败 
In [9]: !curl {url}                                                                                                                                                                                                
curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none
More details here: http://curl.haxx.se/docs/sslcerts.html

...

In [10]:

最佳答案

... it's an intermediate CA


仅在信任库中拥有中间 CA 不足以验证证书,至少对于当前版本的 Python 而言是这样。此功能需要使用 OpenSSL 标志 X509_V_FLAG_PARTIAL_CHAIN用于验证,即 neither currently exposed by Python也不默认设置。
与此 curl 相反 sets this flag by default在较新的版本中,因此有效。

关于python - curl --cacert vs python请求验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/64219172/

25 4 0
文章推荐: python - 如何创建只有服务器对客户端进行身份验证的 Python SSL 客户端/服务器对
文章推荐: ssl - 如何引用名称中带有哈希后缀的证书管理器生成的 secret ?
文章推荐: ssl - curl 错误 35 : failed to receive handshake, SSL/TLS 连接失败
文章推荐: sql-server - 在 dockerized C sharp 微服务中播种/迁移数据时 SSL_ERROR_SSL MSSQL 握手失败
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
全站热门文章
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com