关于ssl:cURL查询工作,但python-request失败

cURL queries work, but python-request fails

摘要

我们在我们的环境中使用自定义CA. 我已通过下载Base64证书并使用update-ca-certificates更新信任库来在信任库中导入CA证书。

我能够将cURL查询运行到我的REST API,但是在运行时,请求库因SSL错误而失败。

我试过了什么

我已经尝试指定库的根ca证书文件路径,但是得到了相同的错误。 如何解决此问题? 将verify设置为false不是一种选择。

代码运行

作品

curl -X GET https://api.me.com/admin/ -H'授权:令牌4ae5'

不行

requests.get('https://api.me.com/admin/', headers = {'Authorization':'Token 4ae5'},verify ='/ etc / ssl / certs / root.pem')

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
Traceback (most recent call last):
  File"/usr/local/lib/python3.5/dist-packages/urllib3/connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File"/usr/local/lib/python3.5/dist-packages/urllib3/connectionpool.py", line 345, in _make_request
    self._validate_conn(conn)
  File"/usr/local/lib/python3.5/dist-packages/urllib3/connectionpool.py", line 844, in _validate_conn
    conn.connect()
  File"/usr/local/lib/python3.5/dist-packages/urllib3/connection.py", line 326, in connect
    ssl_context=context)
  File"/usr/local/lib/python3.5/dist-packages/urllib3/util/ssl_.py", line 325, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File"/usr/lib/python3.5/ssl.py", line 377, in wrap_socket
    _context=self)
  File"/usr/lib/python3.5/ssl.py", line 752, in __init__
    self.do_handshake()
  File"/usr/lib/python3.5/ssl.py", line 988, in do_handshake
    self._sslobj.do_handshake()
  File"/usr/lib/python3.5/ssl.py", line 633, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File"/usr/lib/python3/dist-packages/requests/adapters.py", line 376, in send
    timeout=timeout
  File"/usr/local/lib/python3.5/dist-packages/urllib3/connectionpool.py", line 630, in urlopen
    raise SSLError(e)
requests.packages.urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File"<stdin>", line 1, in <module>
  File"/usr/lib/python3/dist-packages/requests/api.py", line 67, in get
    return request('get', url, params=params, **kwargs)
  File"/usr/lib/python3/dist-packages/requests/api.py", line 53, in request
    return session.request(method=method, url=url, **kwargs)
  File"/usr/lib/python3/dist-packages/requests/sessions.py", line 480, in request
    resp = self.send(prep, **send_kwargs)
  File"/usr/lib/python3/dist-packages/requests/sessions.py", line 588, in send
    r = adapter.send(request, **kwargs)
  File"/usr/lib/python3/dist-packages/requests/adapters.py", line 447, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)


... requests.get(..., verify='/etc/ssl/certs/root.pem')

鉴于您使用update-ca-certificates的描述,看起来您使用的是Debian或类似的(即Ubuntu)。 在这种情况下,相关路径应为/etc/ssl/certs/ca-certificates.crt