Boto [SSL: CERTIFICATE_VERIFY_FAILED] 连接到 S3 时证书验证失败

Boto [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed while connecting to S3

我正在尝试使用 boto 连接到 S3,但它似乎失败了。我尝试了一些解决方法,但它们似乎不起作用。谁能帮我解决这个问题。下面是代码。

import boto

if not boto.config.has_section('Credentials'):
    boto.config.add_section('Credentials')
boto.config.set('Credentials', 'aws_access_key_id', AWS_KEY)
boto.config.set('Credentials', 'aws_secret_access_key', AWS_SECRET_KEY)
if not boto.config.has_section('Boto'):
    boto.config.add_section('Boto')
    boto.config.set('Boto', 'https_validate_certificates', 'False')
    boto.config.add_section('aws info')
    boto.config.set('aws info','aws_validate_certs','False')



s3 = boto.connect_s3(validate_certs=False)
bucket = s3.get_bucket(Bucket_NAME)

我找到方法了,

connect_s3().

中使用了 is_secure=False

可能您的存储桶名称包含一个点,这就是 ssl 证书验证失败的原因。这是一个很常见的问题,例如 github issue

不要使用不安全的连接 (is_secure=False),而是使用 OrdinaryCallingFormat:

import boto
conn = boto.s3.connect_to_region('eu-west-1', calling_format=boto.s3.connection.OrdinaryCallingFormat())
bucket = conn.get_bucket(your_bucket)

您可能需要更新您的 AWS Region,例如us-east-1

我也遇到了这个问题。我的环境是 Ubuntu 15.04,Python 2.7.9 和 Boto 2.38.0.

设置参数 validate_certs=False 不会使其在没有有效证书的情况下使用 HTTPS 连接。看了boto的代码,发现是Python的ssl模块的一个行为。然后我在这里找到了解决方案:。该解决方案确实有效!!!

macOS users: If you are using the Python 3.6 from the python.org binary installer linked on this page, please carefully read the Important Information displayed during installation; this information is also available after installation by clicking on /Applications/Python 3.6/ReadMe.rtf. There is important information there about changes in the 3.6.0 installer-supplied Python, particularly with regard to SSL certificate validation.

https://www.python.org/downloads/release/python-360/

撰写本文时来自 ReadMe.rtf:

Certificate verification and OpenSSL

NEW This variant of Python 3.6 now includes its own private copy of OpenSSL 1.0.2. Unlike previous releases, the deprecated Apple-supplied OpenSSL libraries are no longer used. This also means that the trust certificates in system and user keychains managed by the Keychain Access application and the security command line utility are no longer used as defaults by the Python ssl module. For 3.6.0, a sample command script is included in /Applications/Python 3.6 to install a curated bundle of default root certificates from the third-party certifi package (https://pypi.python.org/pypi/certifi). If you choose to use certifi, you should consider subscribing to the project's email update service to be notified when the certificate bundle is updated.

The bundled pip included with the Python 3.6 installer has its own default certificate store for verifying download connections.

在boto3中,如果你使用的是s3客户端,创建s3客户端时使用verify=False。 例如:

s3 = boto3.client('s3', verify=False)

如 boto3 文档中所述,这只会关闭 SSL 证书的验证。仍将使用 SSL(除非 use_ssl 为 False),但不会验证 SSL 证书。

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/core/session.html

添加验证=假

boto3.resource(
            "s3",
            endpoint_url=<URL>,
            aws_access_key_id=<ID>,
            aws_secret_access_key=<Key>,
            verify=False
        )

办公室笔记本电脑通常安装有网络监视器。发现是网络监控软件干扰python,不让它验证aws的ssl证书。我们必须将其证书(从办公室获得)导入 python 的 cacert.pem 文件,然后它开始正常工作。