通过python执行请求时出现SSL证书错误

SSL Certificate error while doing a request via python

IAM尝试对https URL进行API调用:

1
response = requests.request("GET", url, headers=headers, params=None, verify=True)

IAM面临以下错误。当我通过curl或postman调用API时,它工作得很好…

Traceback (most recent call last): File"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\urllib3\connectionpool.py",
line 601, in urlopen
chunked=chunked) File"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\urllib3\connectionpool.py",
line 346, in _make_request
self._validate_conn(conn) File"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\urllib3\connectionpool.py",
line 850, in _validate_conn
conn.connect() File"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\urllib3\connection.py",
line 326, in connect
ssl_context=context) File"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\urllib3\util\ssl_.py",
line 329, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname) File
"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\urllib3\contrib\pyopenssl.py",
line 448, in wrap_socket
raise ssl.SSLError('bad handshake: %r' % e) ssl.SSLError: ("bad handshake: Error([('SSL routines',
'tls_process_server_certificate', 'certificate verify failed')],)",)

在处理上述异常期间,发生了另一个异常:

Traceback (most recent call last): File
"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages
equests\adapters.py",
line 440, in send
timeout=timeout File"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\urllib3\connectionpool.py",
line 639, in urlopen
_stacktrace=sys.exc_info()[2]) File"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\urllib3\util
etry.py",
line 388, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError:
HTTPSConnectionPool(host='freshdesk.freshsales.io', port=443): Max
retries exceeded with url:
/api/sales_accounts/1000080286/conversations.json?include=email_conversation_recipients,all,targetable,phone_numbe,phone_calle,note,user
(Caused by SSLError(SSLError("bad handshake: Error([('SSL routines',
'tls_process_server_certificate', 'certificate verify
failed')],)",),))

我试图指定verify=false。仍然有错误

C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\urllib3\connectionpool.py:858:
InsecureRequestWarning: Unverified HTTPS request is being made. Adding
certificate verification is strongly advised. See:
https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning) Traceback (most recent call last): File
"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\urllib3\contrib\pyopenssl.py",
line 441, in wrap_socket
cnx.do_handshake() File"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\OpenSSL\SSL.py",
line 1716, in do_handshake
self._raise_ssl_error(self._ssl, result) File"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\OpenSSL\SSL.py",
line 1456, in _raise_ssl_error
_raise_current_error() File"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\OpenSSL_util.py",
line 54, in exception_from_error_queue
raise exception_type(errors) OpenSSL.SSL.Error: [('SSL routines', 'tls_process_server_certificate', 'certificate verify
failed')]

在处理上述异常期间,发生了另一个异常:

Traceback (most recent call last): File
"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\urllib3\connectionpool.py",
line 601, in urlopen
chunked=chunked) File"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\urllib3\connectionpool.py",
line 346, in _make_request
self._validate_conn(conn) File"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\urllib3\connectionpool.py",
line 850, in _validate_conn
conn.connect() File"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\urllib3\connection.py",
line 326, in connect
ssl_context=context) File"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\urllib3\util\ssl_.py",
line 329, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname) File
"C:\Users\user\AppData\Local\Programs\Python\Python35-32\lib\site-packages\urllib3\contrib\pyopenssl.py",
line 448, in wrap_socket
raise ssl.SSLError('bad handshake: %r' % e) ssl.SSLError: ("bad handshake: Error([('SSL routines',
'tls_process_server_certificate', 'certificate verify failed')],)",)

关于如何避免这个错误有什么想法吗?我浏览了这里的各种问题,但找不到解决方法。URL管理员还确认了服务器证书是有效的,所以我觉得这肯定与一些冲突的包安装有关。

这是我的PIP冻结包列表:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
C:\Users\user\python>pip freeze
asn1crypto==0.23.0
attrs==16.3.0
Automat==0.5.0
beautifulsoup4==4.5.3
bleach==1.5.0
bs4==0.0.1
certifi==2017.7.27.1
cffi==1.11.2
chardet==3.0.4
chargebee==2.1.8
colorama==0.3.7
constantly==15.1.0
cryptography==2.1.1
cssselect==1.0.1
decorator==4.0.11
entrypoints==0.2.2
html5lib==0.9999999
idna==2.6
incremental==16.10.1
ipykernel==4.5.2
ipython==5.3.0
ipython-genutils==0.1.0
ipywidgets==5.2.2
Jinja2==2.9.5
jsonschema==2.6.0
jupyter==1.0.0
jupyter-client==5.0.0
jupyter-console==5.1.0
jupyter-core==4.3.0
lxml==3.7.3
MarkupSafe==0.23
mistune==0.7.3
nbconvert==5.1.1
nbformat==4.3.0
notebook==4.4.1
numpy==1.12.0
pandas==0.19.2
pandocfilters==1.4.1
parsel==1.1.0
pickleshare==0.7.4
prompt-toolkit==1.0.13
pyasn1==0.2.3
pyasn1-modules==0.0.8
pycparser==2.18
PyDispatcher==2.0.5
Pygments==2.2.0
PyJWT==1.5.0
pyOpenSSL==17.3.0
PySocks==1.6.7
python-dateutil==2.6.0
pytz==2016.10
pyzmq==16.0.2
qtconsole==4.2.1
queuelib==1.4.2
requests==2.18.4
selenium==3.0.2
service-identity==16.0.0
simplegeneric==0.8.1
six==1.11.0
testpath==0.3
tornado==4.4.2
traitlets==4.3.2
twilio==6.0.0
urllib3==1.22
w3lib==1.17.0
wcwidth==0.1.7
widgetsnbextension==1.2.6
win-unicode-console==0.5
zope.interface==4.3.3

最后发现这是一个网络问题。我公司的IT团队对此进行了研究,他们通过做一些IP白名单来解决这个问题。