我正在使用
import requests
requests.post(url='https://foo.com', data={'bar':'baz'})
但是我收到了request.exceptions.SSLError。 该网站有一个过期的证书,但我没有发送敏感数据,因此对我来说并不重要。 我想象有一个类似于' verifiy = False'我可以使用,但我似乎无法找到它。
答案 0 :(得分:258)
如果设置,请求也可以忽略验证SSL证书
verify为假。>>> requests.get('https://kennethreitz.com', verify=False) <Response [200]>
如果您正在使用第三方模块并且想要禁用检查,那么这里是一个上下文管理器,它会修补requests并更改它,以便verify=False是默认值并禁止警告。
import warnings
import contextlib
import requests
from urllib3.exceptions import InsecureRequestWarning
old_merge_environment_settings = requests.Session.merge_environment_settings
@contextlib.contextmanager
def no_ssl_verification():
opened_adapters = set()
def merge_environment_settings(self, url, proxies, stream, verify, cert):
# Verification happens only once per connection so we need to close
# all the opened adapters once we're done. Otherwise, the effects of
# verify=False persist beyond the end of this context manager.
opened_adapters.add(self.get_adapter(url))
settings = old_merge_environment_settings(self, url, proxies, stream, verify, cert)
settings['verify'] = False
return settings
requests.Session.merge_environment_settings = merge_environment_settings
try:
with warnings.catch_warnings():
warnings.simplefilter('ignore', InsecureRequestWarning)
yield
finally:
requests.Session.merge_environment_settings = old_merge_environment_settings
for adapter in opened_adapters:
try:
adapter.close()
except:
pass
以下是您使用它的方式:
with no_ssl_verification():
requests.get('https://wrong.host.badssl.com/')
print('It works')
requests.get('https://wrong.host.badssl.com/', verify=True)
print('Even if you try to force it to')
requests.get('https://wrong.host.badssl.com/', verify=False)
print('It resets back')
session = requests.Session()
session.verify = True
with no_ssl_verification():
session.get('https://wrong.host.badssl.com/', verify=True)
print('Works even here')
try:
requests.get('https://wrong.host.badssl.com/')
except requests.exceptions.SSLError:
print('It breaks')
try:
session.get('https://wrong.host.badssl.com/')
except requests.exceptions.SSLError:
print('It breaks here again')
请注意,一旦离开上下文管理器,此代码将关闭处理修补请求的所有打开的适配器。这是因为请求维护每个会话连接池,并且每个连接只发生一次证书验证,因此会出现意外情况:
>>> import requests
>>> session = requests.Session()
>>> session.get('https://wrong.host.badssl.com/', verify=False)
/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
<Response [200]>
>>> session.get('https://wrong.host.badssl.com/', verify=True)
/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
<Response [200]>
答案 1 :(得分:63)
使用requests.packages.urllib3.disable_warnings()。
import requests
requests.packages.urllib3.disable_warnings()
requests.post(url='https://foo.com', data={'bar':'baz'})
答案 2 :(得分:18)
要添加到Blender's answer,您可以使用With regards to the problem you are seeing this is a known issue with GNU
make version 4.1 supplied by ARM with DS5. This version of make was shipped
with DS5 versions 5.23 to 5.26. DS5-5.22 used make 3.81, and DS5-5.27 and
later have used make 4.2 - neither of which suffer from this defect.
There are three possible workarounds in your case:
1 - Avoid using the "shell" command in your make script - this is probably
not ideal!
2 - Upgrade your DS-5 version to 5.27 or later - this may or may not be an
option for you.
3 - Download[*] a different version of GNU make and use it in place of the
version 3.81 that was supplied with your current version of DS-5.
[*] - Although make is freely available under GPL, unfortunately there are
legal implications involved with its redistribution which is why I can't
simply email you an alternative version of make.
Session.verify = False请注意import requests
session = requests.Session()
session.verify = False
session.post(url='https://foo.com', data={'bar':'baz'})
,(请求使用),strongly discourages进行未经验证的HTTPS请求,并且会引发urllib3。
答案 3 :(得分:6)
如果您想使用verify = False选项发送完全发布的请求,最快的方法是使用此代码:
import requests
requests.api.request('post', url, data={'bar':'baz'}, json=None, verify=False)
答案 4 :(得分:4)
也可以从环境变量中完成:
export CURL_CA_BUNDLE=""
答案 5 :(得分:1)
如果你正在写一个scraper并且真的不关心SSL证书,你可以将其设置为全局:
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
请勿在生产中使用