Python requests SSL error with combined .pem file
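I have an internal server/API that is signed by an internal sub CA, which was signed by the root CA. In my browser the site is trusted and validates because the root CA and sub CA certificates have been imported. I am also able to verify the signing chain of the web server.
I am using the Python requests library to make a call to the API. I created a .pem file that contains the root CA and sub CA certificates,
e.g.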
-----BEGIN CERTIFICATE-----
snathopONSETUHO...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
snathopONSETUHO...
-----END CERTIFICATE-----
When making the requests call I used
r = requests.get('https://server/api', auth=(user,password), cert='/path/to/cert_bundle.pem')
The error I receive is
---------------------------------------------------------------------------
SSLError Traceback (most recent call last)
<ipython-input-16-04e0aff97162> in <module>()
----> 1 r = requests.get('https://host/api/', auth=(user,password), cert='/path/to/cert_bundle.pem')
/usr/lib/python2.7/site-packages/requests/api.pyc in get(url, **kwargs)
66
67 kwargs.setdefault('allow_redirects', True)
---> 68 return request('get', url, **kwargs)
69
70
/usr/lib/python2.7/site-packages/requests/api.pyc in request(method, url, **kwargs)
48
49 session = sessions.Session()
---> 50 response = session.request(method=method, url=url, **kwargs)
51 # By explicitly closing the session, we avoid leaving sockets open which
52 # can trigger a ResourceWarning in some cases, and look like a memory leak
/usr/lib/python2.7/site-packages/requests/sessions.pyc in request(self, method, url, params, data, headers, cookies, files, auth, timeout, allow_redirects, proxies, hooks, stream, verify, cert, json)
462 }
463 send_kwargs.update(settings)
--> 464 resp = self.send(prep, **send_kwargs)
465
466 return resp
/usr/lib/python2.7/site-packages/requests/sessions.pyc in send(self, request, **kwargs)
574
575 # Send the request
--> 576 r = adapter.send(request, **kwargs)
577
578 # Total elapsed time of the request (approximately)
/usr/lib/python2.7/site-packages/requests/adapters.pyc in send(self, request, stream, timeout, verify, cert, proxies)
429 except (_SSLError, _HTTPError) as e:
430 if isinstance(e, _SSLError):
--> 431 raise SSLError(e, request=request)
432 elif isinstance(e, ReadTimeoutError):
433 raise ReadTimeout(e, request=request)
SSLError: [SSL] PEM lib (_ssl.c:2757)
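Any idea why my certificates are not validating? I tried reversing the order in the .pem file in case the order matters, but I still cannot get my request to work.
I also tried verify=False, which works but is not what I want and throws the error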
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769:
InsecureRequestWarning: Unverified HTTPS request is being made. Adding
certificate verification is strongly advised. See:
https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
It looks like you are using the wrong parameter to pass the path to your certificate bundle; your code should be:
r = requests.get('https://server/api', auth=(user,password), verify='/path/to/cert_bundle.pem')
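The parameter used to validate a remote certificate signed by a CA is verify. If you only specify verify=True, it will use the default internal root certificate store, but you can also pass the path to your own store, as in my code example.
The cert parameter is used to confirm your own identity to the remote server, which your server probably does not care about here.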
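A pre-flight check for the mix-up described above, as an added example that is not part of the original answer: it reads the PEM block labels in a file and reports which requests argument the file fits. The function names and the sample bundles (with placeholder bodies) are constructed for illustration.

```python
import re

# PEM armor header; the label between the dashes says what the block holds.
_PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.MULTILINE)


def pem_labels(text):
    """Return the labels of all PEM blocks in text, in file order."""
    return _PEM_BEGIN.findall(text)


def requests_parameter_for(text):
    """Say which requests argument a PEM file fits: 'verify', 'cert' or None.

    verify= takes CA certificates used to check the server's chain.
    cert=   takes the client's own certificate plus its private key
            (one file holding both, or a (cert_file, key_file) tuple).
    """
    labels = pem_labels(text)
    has_cert = any(label == "CERTIFICATE" for label in labels)
    # Covers PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY, ENCRYPTED PRIVATE KEY.
    has_key = any(label.endswith("PRIVATE KEY") for label in labels)
    if has_cert and has_key:
        return "cert"    # client identity: certificate and key together
    if has_cert:
        return "verify"  # trust anchors only; there is no key to present
    return None          # no certificate found: fits neither argument alone


# Constructed samples; bodies are placeholders, only the labels matter here.
CA_BUNDLE = """-----BEGIN CERTIFICATE-----
(constructed placeholder: root CA)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(constructed placeholder: sub CA)
-----END CERTIFICATE-----
"""
CLIENT_IDENTITY = """-----BEGIN CERTIFICATE-----
(constructed placeholder: client certificate)
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
(constructed placeholder: client key)
-----END PRIVATE KEY-----
"""

if __name__ == "__main__":
    print(requests_parameter_for(CA_BUNDLE))        # bundle like the question's
    print(requests_parameter_for(CLIENT_IDENTITY))
```

A bundle that contains only CERTIFICATE blocks, like the one in the question, has no private key, which is why passing it as cert fails while passing it as verify works.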
Wrong parameter in the session.
It's not cert, it's verify...
import gitlab
import requests
session = requests.Session()
session.verify = 'ca_cert.pem'
domain = 'https://your.gitlab.server.com'
gl = gitlab.Gitlab(domain, private_token='your access token', api_version="4", session=session)
gl.auth()
pathToProject = "path/to/repo"
project = gl.projects.get(pathToProject)
items = project.repository_tree()
print(items)