我最近获得了我的网站的SSL证书:
https://ram.rachum.com/
它在浏览器中运行良好。但它没有requests:
>>> import requests
>>> requests.get('https://ram.rachum.com')
Traceback (most recent call last):
File "<pyshell#1>", line 1, in <module>
requests.get('https://ram.rachum.com')
File "C:\Python27\lib\site-packages\requests\api.py", line 55, in get
return request('get', url, **kwargs)
File "C:\Python27\lib\site-packages\requests\api.py", line 44, in request
return session.request(method=method, url=url, **kwargs)
File "C:\Python27\lib\site-packages\requests\sessions.py", line 354, in request
resp = self.send(prep, **send_kwargs)
File "C:\Python27\lib\site-packages\requests\sessions.py", line 460, in send
r = adapter.send(request, **kwargs)
File "C:\Python27\lib\site-packages\requests\adapters.py", line 250, in send
raise SSLError(e)
SSLError: hostname 'ram.rachum.com' doesn't match either of '*.webfaction.com', 'webfaction.com'
为什么呢?为什么requests查看webfaction证书而不是我自己的证书,该证书对ram.rachum.com有效?
答案 0 :(得分:7)
您正在使用不支持SNI(服务器名称指示)的请求库,但您在同一IP地址后面有多个SSL证书,需要SNI。您可以使用openssl s_client验证这一点。如果没有为SNI命名,服务器只会为此IP提供默认证书,即* .webfaction.com:
openssl s_client -connect ram.rachum.com:443
...
0 ...CN=*.webfaction.com
但是如果为SNI指定主机名,则返回预期的证书:
openssl s_client -connect ram.rachum.com:443 -servername ram.rachum.com
...
0 ...CN=ram.rachum.com...
也许您还需要升级您的请求库和其他模块,请参阅using requests with TLS doesn't give SNI support