urllib 和 SSL: CERTIFICATE_VERIFY_FAILED E

2024-04-25 02:09:21 发布

您现在位置:Python中文网/ 问答频道 /正文
1813 3

我得到以下错误:

Exception in thread Thread-3:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 810, in        __bootstrap_inner
self.run()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 763, in  run
self.__target(*self.__args, **self.__kwargs)
File "/Users/Matthew/Desktop/Skypebot 2.0/bot.py", line 271, in process
info = urllib2.urlopen(req).read()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1240, in https_open
context=self._context)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1197, in do_open
raise URLError(err)
URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>

这是导致此错误的代码:

if input.startswith("!web"):
    input = input.replace("!web ", "")      
    url = "https://domainsearch.p.mashape.com/index.php?name=" + input
    req = urllib2.Request(url, headers={ 'X-Mashape-Key': 'XXXXXXXXXXXXXXXXXXXX' })
    info = urllib2.urlopen(req).read()
    Message.Chat.SendMessage ("" + info)

我使用的API要求我使用HTTPS。我怎么能让它绕过验证呢?


Tags: inpyselfinputliblinelibraryframework
3条回答
网友
1楼 · 编辑于 2024-04-25 02:09:21

关于克雷格·格伦尼的回答:

在MacOs Sierra上的Python3.6.1中

在bash终端中输入这个解决了问题:

pip install certifi
/Applications/Python\ 3.6/Install\ Certificates.command
网友
2楼 · 编辑于 2024-04-25 02:09:21

这并不是解决你具体问题的方法,但我之所以把它放在这里,是因为这个线程是“SSL:CERTIFICATE\uverify\u FAILED”的Google结果,它让我大吃一惊。

如果您在OSX上安装了Python3.6,并且在尝试连接到https://site时遇到“SSL:CERTIFICATE_VERIFY_FAILED”错误,可能是因为OSX上的Python3.6根本没有证书,并且无法验证任何SSL连接。这是OSX上3.6的更改,需要安装后步骤,安装证书的certifi包。这在自述文件中有记录,您可以在/Applications/Python\ 3.6/ReadMe.rtf找到它

自述文件将让您运行这个安装后脚本,它只安装certifi/Applications/Python\ 3.6/Install\ Certificates.command

发行说明有更多信息:https://www.python.org/downloads/release/python-360/

网友
3楼 · 编辑于 2024-04-25 02:09:21

如果只想绕过验证,可以创建一个新的SSLContext。默认情况下,新创建的上下文使用CERT_NONE

如第17.3.7.2.1节所述,小心操作

When calling the SSLContext constructor directly, CERT_NONE is the default. Since it does not authenticate the other peer, it can be insecure, especially in client mode where most of time you would like to ensure the authenticity of the server you’re talking to. Therefore, when in client mode, it is highly recommended to use CERT_REQUIRED.

但是,如果您只是想让它现在工作,因为某些其他原因,您可以执行以下操作,您还必须import ssl

input = input.replace("!web ", "")      
url = "https://domainsearch.p.mashape.com/index.php?name=" + input
req = urllib2.Request(url, headers={ 'X-Mashape-Key': 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' })
gcontext = ssl.SSLContext()  # Only for gangstars
info = urllib2.urlopen(req, context=gcontext).read()
Message.Chat.SendMessage ("" + info)

这应该可以解决您的问题,但您并没有真正解决任何问题,但您不会看到[SSL: CERTIFICATE_VERIFY_FAILED],因为您现在没有验证证书!

除此之外,如果您想了解更多关于为什么会看到这些问题的信息,您将需要查看PEP 476

This PEP proposes to enable verification of X509 certificate signatures, as well as hostname verification for Python's HTTP clients by default, subject to opt-out on a per-call basis. This change would be applied to Python 2.7, Python 3.4, and Python 3.5.

有一个建议退出,这与我上面的建议并无不同:

import ssl

# This restores the same behavior as before.
context = ssl._create_unverified_context()
urllib.urlopen("https://no-valid-cert", context=context)

它还通过monkeypatching提供了一个非常不受欢迎的选项,这在python中并不常见:

import ssl

ssl._create_default_https_context = ssl._create_unverified_context

它用创建未验证的上下文的函数重写用于上下文创建的默认函数。

请注意,如政治公众人物所述:

This guidance is aimed primarily at system administrators that wish to adopt newer versions of Python that implement this PEP in legacy environments that do not yet support certificate verification on HTTPS connections. For example, an administrator may opt out by adding the monkeypatch above to sitecustomize.py in their Standard Operating Environment for Python. Applications and libraries SHOULD NOT be making this change process wide (except perhaps in response to a system administrator controlled configuration setting).

如果你想读一篇关于为什么不在软件中验证证书是不好的论文you can find it here

相关问题 更多 >

    编程相关推荐