在python 2.7.9中禁用默认证书验证

时间:2015-05-26 14:50:41

标签: python ssl

我尝试与XMLRPC api建立本地HTTPS连接。自从我升级到enable by default certificates verification的python 2.7.9后,我在使用API​​时出现了CERTIFICATE_VERIFY_FAILED错误

>>> test=xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API',verbose=False, use_datetime=True)
>>> test.list_satellites()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1233, in __call__
    return self.__send(self.__name, args)
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1591, in __request
    verbose=self.__verbose
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1273, in request
    return self.single_request(host, handler, request_body, verbose)
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1301, in single_request
    self.send_content(h, request_body)
  File "/usr/local/lib/python2.7/xmlrpclib.py", line 1448, in send_content
    connection.endheaders(request_body)
  File "/usr/local/lib/python2.7/httplib.py", line 997, in endheaders
    self._send_output(message_body)
  File "/usr/local/lib/python2.7/httplib.py", line 850, in _send_output
    self.send(msg)
  File "/usr/local/lib/python2.7/httplib.py", line 812, in send
    self.connect()
  File "/usr/local/lib/python2.7/httplib.py", line 1212, in connect
    server_hostname=server_hostname)
  File "/usr/local/lib/python2.7/ssl.py", line 350, in wrap_socket
    _context=self)
  File "/usr/local/lib/python2.7/ssl.py", line 566, in __init__
    self.do_handshake()
  File "/usr/local/lib/python2.7/ssl.py", line 788, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)
>>> import ssl
>>> ssl._create_default_https_context = ssl._create_unverified_context
>>> test.list_satellites()
[{'paired': True, 'serial': '...', 'enabled': True, 'id': 1, 'date_paired': datetime.datetime(2015, 5, 26, 16, 17, 6)}]

在python 2.7.9中是否存在禁用默认证书验证的pythonic方法?

我不知道改变“私有”全局SSL属性(ssl._create_default_https_context = ssl._create_unverified_context)是否有用

4 个答案:

答案 0 :(得分:21)

您必须提供未经验证的SSL上下文,手动构建或使用ssl模块中的私有函数_create_unverified_context():

unsigned long

注意:此代码仅适用于python&gt; = 2.7.9(在Python 2.7.9中添加了import xmlrpclib import ssl test = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API', verbose=False, use_datetime=True, context=ssl._create_unverified_context()) test.list_satellites() 参数)

如果您希望代码与以前的Python版本兼容,则必须使用context参数:

transport

答案 1 :(得分:3)

可以使用Python 2.7.9 +上现有的公共flat_map API禁用验证:

ssl

答案 2 :(得分:0)

我认为禁用证书验证的另一种方法可能是:

import xmlrpclib
import ssl

s=ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
s.verify_mode=ssl.CERT_NONE

test=xmlrpclib.Server('https://admin:bz15h9v9n@localhost:9999/API',verbose=0,context=s)

答案 3 :(得分:-1)

以Python 2.6.6为例:

s = xmlrpclib.ServerProxy('https://admin:bz15h9v9n@localhost:9999/API', transport=None, encoding=None, verbose=0,allow_none=0, use_datetime=0)

对我有用......