Python使用组合的.pem文件请求SSL错误

时间:2015-10-14 23:25:00

标签: python ssl python-requests

我有一个内部服务器/ api,由内部子ca签名,由root ca签名。在我的浏览器中,站点是受信任和验证的,因为导入了根ca和sub ca证书。我还可以验证Web服务器的签名链。

我正在使用python请求库来调用api。我创建了一个.pem文件,其中包含root ca和sub ca certs

例如

-----BEGIN CERTIFICATE-----
snathopONSETUHO...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
snathopONSETUHO...
-----END CERTIFICATE-----

在发出请求时,我使用了

r = requests.get('https://server/api', auth=(user,password), cert='/path/to/cert_bundle.pem')

我收到的错误是

---------------------------------------------------------------------------
SSLError                                  Traceback (most recent call last)
<ipython-input-16-04e0aff97162> in <module>()
----> 1 r = requests.get('https://host/api/', auth=(user,password), cert='/path/to/cert_bundle.pem')

/usr/lib/python2.7/site-packages/requests/api.pyc in get(url, **kwargs)
     66
     67     kwargs.setdefault('allow_redirects', True)
---> 68     return request('get', url, **kwargs)
     69
     70

/usr/lib/python2.7/site-packages/requests/api.pyc in request(method, url, **kwargs)
     48
     49     session = sessions.Session()
---> 50     response = session.request(method=method, url=url, **kwargs)
     51     # By explicitly closing the session, we avoid leaving sockets open which
     52     # can trigger a ResourceWarning in some cases, and look like a memory leak

/usr/lib/python2.7/site-packages/requests/sessions.pyc in request(self, method, url, params, data, headers, cookies, files, auth, timeout, allow_redirects, proxies, hooks, stream, verify, cert, json)
    462         }
    463         send_kwargs.update(settings)
--> 464         resp = self.send(prep, **send_kwargs)
    465
    466         return resp

/usr/lib/python2.7/site-packages/requests/sessions.pyc in send(self, request, **kwargs)
    574
    575         # Send the request
--> 576         r = adapter.send(request, **kwargs)
    577
    578         # Total elapsed time of the request (approximately)

/usr/lib/python2.7/site-packages/requests/adapters.pyc in send(self, request, stream, timeout, verify, cert, proxies)
    429         except (_SSLError, _HTTPError) as e:
    430             if isinstance(e, _SSLError):
--> 431                 raise SSLError(e, request=request)
    432             elif isinstance(e, ReadTimeoutError):
    433                 raise ReadTimeout(e, request=request)

SSLError: [SSL] PEM lib (_ssl.c:2757)

我的证书无法验证的任何想法?我尝试在.pem文件中反转顺序,但是仍然无法让我的请求工作。

我也尝试使用verify=False,但不是我想要的,并抛出错误

/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769: 
InsecureRequestWarning: Unverified HTTPS request is being made. Adding 
certificate verification is strongly advised. See: 
https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)

2 个答案:

答案 0 :(得分:1)

您似乎正在使用错误的参数将路径传递给证书包,您的代码应为:

r = requests.get('https://server/api', auth=(user,password), verify='/path/to/cert_bundle.pem')

用于验证CA签名的远程证书的参数是verify。如果您只指定verify=True,那么它将使用默认的内部根证书存储,但您也可以像我的代码示例一样将路径传递到您自己的商店。

cert参数用于向远程服务器确认您自己的身份,您的服务器可能并不关心此处。

答案 1 :(得分:0)

会话中的参数错误 它不是证书,而是验证 .... 

import gitlab
import requests

session = requests.Session()
session.verify = 'ca_cert.pem'
domain = 'https://your.gitlab.server.com'
gl = gitlab.Gitlab(domain, private_token='your access token', api_version="4", session=session)
gl.auth()

pathToProject = "path/to/repo"
project = gl.projects.get(pathToProject)
items = project.repository_tree()

print(items)
相关问题
最新问题