ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
我已经 运行 Flask-SocketIO 程序 uwsgi (2.0.15) 和 gevent 作为异步。但是,当我尝试构建支持 ssl 的 uwsgi 时,出现以下错误-
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
我正在使用通过以下命令使用 OpenSSL (1.0.2.g) 构建的自签名密钥和证书文件-
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
我检查了 uwsgi 的 official documentation 以获得 ssl 支持,他们建议可以使用自签名密钥。但是,我的问题仍然是 uwsgi 实际上是否完全支持使用 OpenSSL 的自签名密钥的 ssl ?
这是我使用 ssl 构建 uwsgi 的命令 -
uwsgi --https :5006,cert.pem,key.pem --gevent 1000 --http-websockets --master --wsgi-file server.py --callable app
这是我对错误的完整回溯:
Traceback (most recent call last):
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/engineio/server.py", line 405, in _trigger_event
return self.handlers[event](*args)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/socketio/server.py", line 520, in _handle_eio_message
self._handle_event(sid, pkt.namespace, pkt.id, pkt.data)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/socketio/server.py", line 456, in _handle_event
self._handle_event_internal(self, sid, data, namespace, id)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/socketio/server.py", line 459, in _handle_event_internal
r = server._trigger_event(data[0], namespace, sid, *data[1:])
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/socketio/server.py", line 488, in _trigger_event
return self.handlers[namespace][event](*args)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/flask_socketio/__init__.py", line 243, in _handler
*args)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/flask_socketio/__init__.py", line 626, in _handle_event
ret = handler(*args)
File "server.py", line 84, in chat_message
response = request.getresponse()
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/apiai/requests/request.py", line 128, in getresponse
self._connect()
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/apiai/requests/request.py", line 82, in _connect
self._connection.connect()
File "/usr/lib/python3.5/http/client.py", line 1260, in connect
server_hostname=server_hostname)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/gevent/_ssl3.py", line 60, in wrap_socket
_session=session)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/gevent/_ssl3.py", line 232, in __init__
raise x
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/gevent/_ssl3.py", line 228, in __init__
self.do_handshake()
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/gevent/_ssl3.py", line 545, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
所以,如果 uwsgi 真的支持自签名密钥,那么该错误的原因可能是什么?或者, gevent 有什么问题吗?
由于我自己没有注册域名,所以暂时无法获得CA签名证书。
根据堆栈跟踪,这不是您在服务器上使用的 self-signed 证书的问题。您的应用程序中有一个名为 chat_message() 的函数,它是一个事件处理程序。在此函数中,您使用请求库发送 HTTP 请求,对吗?
您在此事件处理程序中联系的服务器也是 https://,请求库无法验证它提供的证书。如果该服务也使用 self-signed 证书,那么您需要配置请求以绕过验证,如下所示:
requests.get(url, verify=False)
我已经 运行 Flask-SocketIO 程序 uwsgi (2.0.15) 和 gevent 作为异步。但是,当我尝试构建支持 ssl 的 uwsgi 时,出现以下错误-
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
我正在使用通过以下命令使用 OpenSSL (1.0.2.g) 构建的自签名密钥和证书文件-
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365
我检查了 uwsgi 的 official documentation 以获得 ssl 支持,他们建议可以使用自签名密钥。但是,我的问题仍然是 uwsgi 实际上是否完全支持使用 OpenSSL 的自签名密钥的 ssl ?
这是我使用 ssl 构建 uwsgi 的命令 -
uwsgi --https :5006,cert.pem,key.pem --gevent 1000 --http-websockets --master --wsgi-file server.py --callable app
这是我对错误的完整回溯:
Traceback (most recent call last):
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/engineio/server.py", line 405, in _trigger_event
return self.handlers[event](*args)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/socketio/server.py", line 520, in _handle_eio_message
self._handle_event(sid, pkt.namespace, pkt.id, pkt.data)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/socketio/server.py", line 456, in _handle_event
self._handle_event_internal(self, sid, data, namespace, id)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/socketio/server.py", line 459, in _handle_event_internal
r = server._trigger_event(data[0], namespace, sid, *data[1:])
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/socketio/server.py", line 488, in _trigger_event
return self.handlers[namespace][event](*args)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/flask_socketio/__init__.py", line 243, in _handler
*args)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/flask_socketio/__init__.py", line 626, in _handle_event
ret = handler(*args)
File "server.py", line 84, in chat_message
response = request.getresponse()
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/apiai/requests/request.py", line 128, in getresponse
self._connect()
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/apiai/requests/request.py", line 82, in _connect
self._connection.connect()
File "/usr/lib/python3.5/http/client.py", line 1260, in connect
server_hostname=server_hostname)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/gevent/_ssl3.py", line 60, in wrap_socket
_session=session)
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/gevent/_ssl3.py", line 232, in __init__
raise x
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/gevent/_ssl3.py", line 228, in __init__
self.do_handshake()
File "/home/user/uwsgi_Test/virtual_frame/lib/python3.5/site-packages/gevent/_ssl3.py", line 545, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
所以,如果 uwsgi 真的支持自签名密钥,那么该错误的原因可能是什么?或者, gevent 有什么问题吗?
由于我自己没有注册域名,所以暂时无法获得CA签名证书。
根据堆栈跟踪,这不是您在服务器上使用的 self-signed 证书的问题。您的应用程序中有一个名为 chat_message() 的函数,它是一个事件处理程序。在此函数中,您使用请求库发送 HTTP 请求,对吗?
您在此事件处理程序中联系的服务器也是 https://,请求库无法验证它提供的证书。如果该服务也使用 self-signed 证书,那么您需要配置请求以绕过验证,如下所示:
requests.get(url, verify=False)