我尝试使用请求模块向需要ssl身份验证的端点发出请求。我的pem文件位于指定的路径中,包含客户端证书和私钥。但是,我一直收到证书验证失败的异常。我在nginx日志中看到请求从未进入过那里。有人有什么想法吗?我知道证书应该有效。
params = {
"param_2" : "32100",
"param_1" : "abc"
}
headers = {
"Content-Type" : "application/json"
}
body = json.dumps(params)
r = requests.post(
https://somesite.com/somepath,
data=body,
headers=headers,
timeout=10,
verify="/path/to/cert.pem"
)
Traceback (most recent call last):
File "./somefile.py", line 264, in <module>
start()
File "./somefile.py", line 149, in start
verify="/path/to/cert.pem"
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 88, in post
return request('post', url, data=data, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 44, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 448, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 554, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 417, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
答案 0 :(得分:2)
来自请求文档:
如果设置,请求也可以忽略验证SSL证书 验证为假。
requests.get(&#39; https://kennethreitz.com&#39;,验证=假)
默认情况下,verify设置为True。选项验证仅适用于主机 证书。
您还可以指定用作客户端证书的本地证书, 作为单个文件(包含私钥和证书)或 作为文件路径的元组:
requests.get(&#39; https://kennethreitz.com&#39;,cert =(&#39; /path/server.crt' ;,&#39; / path / key&#39;) )
所以看起来你刚刚错了。尝试使用&#39; cert&#39;而不是验证。