Python请求抛出SSL错误

2024-04-27 23:09:57 发布

您现在位置:Python中文网/ 问答频道 /正文
442 3

以下是SSLError using requests for python的后续内容:

我刚刚在Mac OSX 10.8.5上安装了requests。在缺少证书时,我第一次尝试执行requests.get失败:

SSLError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

  • 上面的线程说要查找/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/site-packages/re‌​quests/cacert.pem,但实际上我甚至没有.../site-packages/requests目录。我不清楚这是否应该由安装添加(我使用了pip

  • 更多的线程和requests文档说要安装certifi,我就这么做了。但现在我得到了一个不同的错误:

    python -c 'import requests; requests.get("https://api.github.com/events")'    /usr/lib/anaconda/lib/python2.7/site-packages/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
Traceback (most recent call last):
...
  File "/usr/lib/anaconda/lib/python2.7/site-packages/requests/adapters.py", line 431, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [Errno 1] _ssl.c:504: error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm

谢谢!


Tags: httpssslgetlibpackagessiteerrorrequests
1条回答
网友
1楼 · 发布于 2024-04-27 23:09:57

注意,您正在使用HTTPS。如Requests manual所述

To check a host’s SSL certificate, you can use the verify argument [...] By default, verify is set to True

以下是解决这个问题的几种方法:

更新OpenSSL(可能会解决您的问题)

摘自here

If you encounter one of the following errors:

error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm
error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm
The software you are using might be compiled with a version too old of OpenSSL that does not take certificates signed with sha256WithRSAEncryption into account.

It requires at least OpenSSL 0.9.8o for a total management of SHA256. OpenSSl 0.9.7m only assures a partial management, for server mode only.

通过

检查您的openssl版本 
openssl version
OpenSSL 1.0.1k-fips 8 Jan 2015

如果您的版本小于OpenSSL0.9.8o,则必须更新其版本(OS X):

brew update
brew install openssl
brew link --force openssl

如果不起作用,请这样做:

brew uninstall openssl
rm -rf /usr/local/openssl
brew install openssl
  • OS X 10.10.3之前安装的openssl有问题,重新安装可以修复它
  • 这些命令行将卸载openssl,从硬盘中删除其文件夹并重新安装(更新版本)

安装certifi

取自here

By default Requests bundles a set of root CAs that it trusts, sourced from the Mozilla trust store. However, these are only updated once for each Requests version. This means that if you pin a Requests version your certificates can become extremely out of date.

From Requests version 2.4.0 onwards, Requests will attempt to use certificates from certifi if it is present on the system. This allows for users to update their trusted certificates without having to change the code that runs on their system.

For the sake of security we recommend upgrading certifi frequently!

换句话说,如果您有Request 2.4.0或更新版本,请尝试安装certifi

pip install certifi

希望这能解决问题。

使用不同版本的OpenSSL并请求

使用Google进行调查,我发现Python 2中的OpenSSL有一个问题:

但是,我使用的是Python 2.7.6Requests 2.2.1OpenSSL 1.0.1f 6 Jan 2014,一切都正常运行。

通过证书

在其他情况下,如果主机的证书是由您签名的,则可能需要告诉requests.get证书文件的路径。

requests.get("https://api.github.com/events", verify=True, cert=['/path/to/my/ca.crt'])

将verify参数设置为False(不推荐!)

为了避免证书验证,必须将verify=False传递给request.get方法。

python -c 'import requests; requests.get("https://api.github.com/events", verify=False)'

或来自script.py文件:

import requests
res = requests.get("https://api.github.com/events", verify=False)
print res

终端:

$ python script.py
<Response [200]>

重要的:非常糟糕的主意;您可能受到MITM攻击,这是一个严重的安全漏洞。

相关问题 更多 >

    编程相关推荐