在Python2.7.9中禁用默认证书验证

2024-04-20 02:56:00 发布

您现在位置:Python中文网/ 问答频道 /正文
663 3

我尝试建立到XMLRPC api的本地HTTPS连接。自从我升级到python 2.7.9后,enable by default certificates verification,我在使用API时遇到了一个证书验证失败的错误

>>> test=xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',verbose=False, use_datetime=True)
>>> test.list_satellites()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1591, in __request
    verbose=self.__verbose
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1273, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1301, in single_request
    self.send_content(h, request_body)
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1448, in send_content
    connection.endheaders(request_body)
  File "/usr/local/lib/python2.7/httplib.py", line 997, in endheaders
    self._send_output(message_body)
  File "/usr/local/lib/python2.7/httplib.py", line 850, in _send_output
    self.send(msg)
  File "/usr/local/lib/python2.7/httplib.py", line 812, in send
    self.connect()
  File "/usr/local/lib/python2.7/httplib.py", line 1212, in connect
    server_hostname=server_hostname)
  File "/usr/local/lib/python2.7/ssl.py", line 350, in wrap_socket
    _context=self)
  File "/usr/local/lib/python2.7/ssl.py", line 566, in __init__
    self.do_handshake()
  File "/usr/local/lib/python2.7/ssl.py", line 788, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
>>> import ssl
>>> ssl._create_default_https_context = ssl._create_unverified_context
>>> test.list_satellites()
[{'paired': True, 'serial': '...', 'enabled': True, 'id': 1, 'date_paired': datetime.datetime(2015, 5, 26, 16, 17, 6)}]

python 2.7.9中是否存在禁用默认证书验证的pythonic方法?

我不知道更改“private”全局SSL属性是否合适(ssl._create_default_https_context = ssl._create_unverified_context


Tags: inpyselfsendsslverboserequestlib
3条回答
网友
1楼 · 编辑于 2024-04-20 02:56:00

您必须提供一个未经验证的SSL上下文,该上下文由手工构造,或者使用来自SSL模块的私有函数create_unverified_context():

import xmlrpclib
import ssl

test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',
                             verbose=False, use_datetime=True, 
                             context=ssl._create_unverified_context())
test.list_satellites()

注意:此代码仅适用于python>;=2.7.9(context在python 2.7.9中添加了参数)

如果希望代码与以前的Python版本兼容,则必须使用transport参数:

import xmlrpclib
import ssl

context = hasattr(ssl, '_create_unverified_context') and ssl._create_unverified_context() \
          or None
test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',
                             verbose=False, use_datetime=True, 
                             transport=xmlrpclib.SafeTransport(use_datetime=True, 
                                                               context=context))
test.list_satellites()
网友
2楼 · 编辑于 2024-04-20 02:56:00

可以使用Python 2.7.9+上现有的公共sslapi禁用验证:

import xmlrpclib
import ssl

ssl_ctx = ssl.create_default_context()
ssl_ctx.check_hostname = False
ssl_ctx.verify_mode = ssl.CERT_NONE
test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',
                             verbose=False, use_datetime=True, 
                             context=ssl_ctx)
test.list_satellites()
网友
3楼 · 编辑于 2024-04-20 02:56:00

我认为禁用证书验证的另一种方法可能是:

import xmlrpclib
import ssl

s=ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
s.verify_mode=ssl.CERT_NONE

test=xmlrpclib.Server('https://admin:bz15h9v9n@localhost:9999/API',verbose=0,context=s)

相关问题 更多 >

    编程相关推荐