请求（仅）*.google.com时，在Python上SSL3_GET_SERVER_证书验证失败

到目前为止我所做的

我已经经历了很多努力，试图使这一工作，并诉诸张贴堆栈溢出，现在我不知道该怎么办。以下是我尝试过的：

注意到date返回的日期比实际时间晚了2分钟（可能使我的证书失效）。我修复了这个假设它将验证证书。这没有修复问题。

发现Python2.7.9从Python3向后移植了一些SSL库。我从Python2.7.6升级到2.7.9，假设更新（包括这个线程中列出的补丁：https://serverfault.com/questions/692110/error-with-python2-as-a-https-client-with-an-nginx-server-and-ssl-certificate-ch）可以修复它。不走运，同样的错误。

显然，设置verify=False是可行的，但是我们不愿意在安全性上做出让步，我们需要verify=True来工作。

curl https://google.com也按预期工作。这就是我知道它与Python有关的原因。

$ python -V Python 2.7.9 $ pip list | grep -e requests requests (2.9.1) $ uname-a # ubuntu 14.04 Linux staging.example.com 3.13.0-48-generic #80-Ubuntu SMP Thu Mar 12 11:16:15 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

示例

这是仅发生在https上的google域。下面是一个例子：

$ ipython Python 2.7.9 (default, Jan 6 2016, 21:37:32) Type "copyright", "credits" or "license" for more information. IPython 4.0.1 -- An enhanced Interactive Python. ? -> Introduction and overview of IPython's features. %quickref -> Quick reference. help -> Python's own help system. object? -> Details about 'object', use 'object??' for extra details. In [1]: import requests In [2]: requests.get('https://facebook.com', verify=True) Out[2]: <Response [200]> In [3]: requests.get('https://stackoverflow.com', verify=True) Out[3]: <Response [200]> In [4]: requests.get('https://spotify.com', verify=True) Out[4]: <Response [200]> In [5]: requests.get('http://google.com', verify=True) # notice the http Out[5]: <Response [200]> In [6]: requests.get('https://google.com', verify=True) --------------------------------------------------------------------------- SSLError Traceback (most recent call last) <ipython-input-6-a7fff1831944> in <module>() ----> 1 requests.get('https://google.com', verify=True) /example/.virtualenv/example/lib/python2.7/site-packages/requests/api.pyc in get(url, params, **kwargs) 65 66 kwargs.setdefault('allow_redirects', True) ---> 67 return request('get', url, params=params, **kwargs) 68 69 /example/.virtualenv/example/lib/python2.7/site-packages/requests/api.pyc in request(method, url, **kwargs) 51 # cases, and look like a memory leak in others. 52 with sessions.Session() as session: ---> 53 return session.request(method=method, url=url, **kwargs) 54 55 /example/.virtualenv/example/lib/python2.7/site-packages/requests/sessions.pyc in request(self, method, url, params, data, headers, cookies, files, auth, timeout, allow_redirects, proxies, hooks, stream, verify, cert, json) 466 } 467 send_kwargs.update(settings) --> 468 resp = self.send(prep, **send_kwargs) 469 470 return resp /example/.virtualenv/example/lib/python2.7/site-packages/requests/sessions.pyc in send(self, request, **kwargs) 574 575 # Send the request --> 576 r = adapter.send(request, **kwargs) 577 578 # Total elapsed time of the request (approximately) /example/.virtualenv/example/lib/python2.7/site-packages/requests/adapters.pyc in send(self, request, stream, timeout, verify, cert, proxies) 445 except (_SSLError, _HTTPError) as e: 446 if isinstance(e, _SSLError): --> 447 raise SSLError(e, request=request) 448 elif isinstance(e, ReadTimeoutError): 449 raise ReadTimeout(e, request=request) SSLError: ("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",)

1条回答

网友

1楼 · 发布于 2024-04-27 03:30:31

我找到了解决办法。运行的certifi版本中似乎有一个主要问题。我从这个（很长的）GitHub问题中发现了这个：https://github.com/certifi/python-certifi/issues/26

TL；DR

pip uninstall -y certifi && pip install certifi==2015.04.28

到目前为止我所做的

环境

示例

相关问题更多 >

编程相关推荐

热门问题

热门文章