Python Requests getting SSLerror
尝试使用Requests会话发出一个简单的get请求,但我一直在为特定站点获取SSLerror。 我想也许问题出在网站上(我使用https://www.ssllabs.com进行了扫描,结果如下),但我不能确定,因为我对此领域一无所知:)我肯定会喜欢 了解发生了什么。
解决方案/解释会很棒,
谢谢!
代码:
1 2 3 | import requests requests.get('https://www.reporo.com/') |
我收到了下一个错误:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 | SSLError: [Errno bad handshake] [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')] --------------------------------------------------------------------------- SSLError Traceback (most recent call last) <ipython-input-7-cfc21b287fee> in <module>() ----> 1 requests.get('https://www.reporo.com/') /usr/local/lib/python2.7/dist-packages/requests/api.pyc in get(url, **kwargs) 63 64 kwargs.setdefault('allow_redirects', True) ---> 65 return request('get', url, **kwargs) 66 67 /usr/local/lib/python2.7/dist-packages/requests/api.pyc in request(method, url, **kwargs) 47 48 session = sessions.Session() ---> 49 response = session.request(method=method, url=url, **kwargs) 50 # By explicitly closing the session, we avoid leaving sockets open which 51 # can trigger a ResourceWarning in some cases, and look like a memory leak /usr/local/lib/python2.7/dist-packages/requests/sessions.pyc in request(self, method, url, params, data, headers, cookies, files, auth, timeout, allow_redirects, proxies, hooks, stream, verify, cert, json) 459 } 460 send_kwargs.update(settings) --> 461 resp = self.send(prep, **send_kwargs) 462 463 return resp /usr/local/lib/python2.7/dist-packages/requests/sessions.pyc in send(self, request, **kwargs) 571 572 # Send the request --> 573 r = adapter.send(request, **kwargs) 574 575 # Total elapsed time of the request (approximately) /usr/local/lib/python2.7/dist-packages/requests/adapters.pyc in send(self, request, stream, timeout, verify, cert, proxies) 429 except (_SSLError, _HTTPError) as e: 430 if isinstance(e, _SSLError): --> 431 raise SSLError(e, request=request) 432 elif isinstance(e, ReadTimeoutError): 433 raise ReadTimeout(e, request=request) SSLError: [Errno bad handshake] [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')] |
我在https://www.ssllabs.com上运行扫描并得到以下信息:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 | SSL Report: reporo.com Assessed on: Sun Feb 22 21:42:57 PST 2015 | Clear cache Scan Another >> Server Domain(s) Test time Grade 1 154.51.128.13 Certificate not valid for domain name reporo.com Sun Feb 22 21:40:53 PST 2015 Duration: 9.167 sec - 2 198.12.15.168 protected.ddosdefend.com Ready www.reporo.com Sun Feb 22 21:41:02 PST 2015 Duration: 115.189 sec F |
www.reporo.com(不是reporo.com)的证书本身是有效的,但它缺少ssllabs报告中显示的链证书:
1 2 3 4 | Chain issues Incomplete .... 2 Extra download Thawte DV SSL CA Fingerprint: 3ca958f3e7d6837e1c1acf8b0f6a2e6d487d6762 |
"不完整"和"额外下载"是主要观点。有些浏览器会丢失丢失的链证书,其他浏览器会进行下载,其他浏览器会失败。如果您尝试使用新的Firefox配置文件(没有任何缓存的证书)的网站,它也会失败。
您可以下载缺失的链证书,并将其作为可信CA证书,并将
分步说明:
- 在https://ssl-tools.net/certificates/vqgvhb-thawte-dv-ssl-ca下载缺失的证书(通过搜索SSLLabs报告中给出的指纹找到)。以PEM格式下载文件,即https://ssl-tools.net/certificates/3ca958f3e7d6837e1c1acf8b0f6a2e6d487d6762.pem。
- 通过https://ssl-tools.net/certificates/91c6d6ee3e8ac86384e548c299295c756c817b81.pem下载根证书(也可通过搜索指纹找到)。
-
将两个文件合并为一个新文件
chain.pem 。确保每个文件都以有效的行尾字符结尾(它们没有下载)。生成的文件应如下所示。 -
修改你的电话
1requests.get('https://www.reporo.com/', verify = 'chain.pem')
您可以禁用证书验证:
1 | requests.get('https://www.reporo.com/', verify=False) |
但没有证书验证,就没有中间人攻击保护。
我有同样的错误。将请求-2.17.3的请求降级到请求-2.11.0为我解决了这个问题。
1 2 | pip uninstall requests pip install requests==2.11.0 |
进入类似问题并通过以下方式修复:
1 | pip install -U requests[security] |