"certificate verify failed" when connecting to nfa.sefaz.al.gov.br

Time: 2017-01-23 22:02:10

Tags: python python-2.7 openssl

Code:

req = urllib2.Request("https://nfa.sefaz.al.gov.br/nfa/login.aspx",verify=False)
content = opener.open(req)

Exception:

requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",)

System:

python --version

Python 2.7.9

certifi 2015.04.28

How to fix it?

1 answer:

Answer 0 (score: 0)

  

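How to fix it?

You should ensure three things in Python:

  1. Use TLS 1.0 or above
  2. Use Server Name Indication
  3. You trust Autoridade Certificadora Raiz Brasileira v2

Here is a quick debug session using OpenSSL's s_client. Item (1) is satisfied with the -tls1 option. Item (2) is achieved with the -servername option.

Item (3) is not achieved, and it is the cause of the Verify return code: 20 (unable to get local issuer certificate). Once you get the CA Root and place it locally, you can specify it with the -CAfile option.

Also see the s_client man page.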

    $ openssl s_client -connect nfa.sefaz.al.gov.br:443 -tls1 -servername nfa.sefaz.al.gov.br
    CONNECTED(00000003)
    depth=2 C = BR, O = ICP-Brasil, OU = Autoridade Certificadora Raiz Brasileira v2, CN = Autoridade Certificadora SERPRO v3
    verify error:num=20:unable to get local issuer certificate
    ---
    Certificate chain
     0 s:/C=BR/O=ICP-Brasil/OU=Equipamento A1/OU=ARSERPRO/OU=Autoridade Certificadora SERPROACF/CN=*.sefaz.al.gov.br
       i:/C=BR/O=ICP-Brasil/OU=CSPB-1/OU=Servico Federal de Processamento de Dados - SERPRO/CN=Autoridade Certificadora do SERPRO Final v4
     1 s:/C=BR/O=ICP-Brasil/OU=CSPB-1/OU=Servico Federal de Processamento de Dados - SERPRO/CN=Autoridade Certificadora do SERPRO Final v4
       i:/C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=Autoridade Certificadora SERPRO v3
     2 s:/C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=Autoridade Certificadora SERPRO v3
       i:/C=BR/O=ICP-Brasil/OU=Instituto Nacional de Tecnologia da Informacao - ITI/CN=Autoridade Certificadora Raiz Brasileira v2
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIIHfzCCBWegAwIBAgIDE60yMA0GCSqGSIb3DQEBCwUAMIGmMQswCQYDVQQGEwJC
    UjETMBEGA1UEChMKSUNQLUJyYXNpbDEPMA0GA1UECxMGQ1NQQi0xMTswOQYDVQQL
    EzJTZXJ2aWNvIEZlZGVyYWwgZGUgUHJvY2Vzc2FtZW50byBkZSBEYWRvcyAtIFNF
    UlBSTzE0MDIGA1UEAxMrQXV0b3JpZGFkZSBDZXJ0aWZpY2Fkb3JhIGRvIFNFUlBS
    TyBGaW5hbCB2NDAeFw0xNjExMTExNjUxNDVaFw0xNzExMTExNjUxNDVaMIGXMQsw
    CQYDVQQGEwJCUjETMBEGA1UEChMKSUNQLUJyYXNpbDEXMBUGA1UECxMORXF1aXBh
    bWVudG8gQTExETAPBgNVBAsTCEFSU0VSUFJPMSswKQYDVQQLEyJBdXRvcmlkYWRl
    IENlcnRpZmljYWRvcmEgU0VSUFJPQUNGMRowGAYDVQQDDBEqLnNlZmF6LmFsLmdv
    di5icjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOvLfJZg93UbffEo
    6KhMK5vc5Bp4L53D41wyfJe7mZxcXCmUMcIZE8LvDlN/LBx709BvZ7LbmBt3lofo
    8lKOOSFh4SyQWlk/ms8LBxjraqimyXdoGzMLLxDaE9O0wbaHzill+PpOP5MC8o1e
    pACQjTRbWzxoB3SxQ2fugpPOMs5wElEYlYAoG14JWmbKn21vrXTVeoq8pTtk7yfQ
    dMD6gz4TzKFKeOa1QyHIA6WNQw3TTM5jjPSd7Z2orGWXgqMcplDNTTYGi47iOJrj
    5ZHyqZN2l1Yc4SQRw76G42e2OhwXiLYVKy8nNEn4Z2wIgUZtYDoOge+P7rI6oLhC
    20ANnSUCAwEAAaOCAsEwggK9MB8GA1UdIwQYMBaAFGTbZ1uzlRdShIm072cgsAiJ
    fAdxMFkGA1UdIARSMFAwTgYGYEwBAgEQMEQwQgYIKwYBBQUHAgEWNmh0dHA6Ly9y
    ZXBvc2l0b3Jpby5zZXJwcm8uZ292LmJyL2RvY3MvZHBjc2VycHJvYWNmLnBkZjCB
    0QYDVR0fBIHJMIHGMDygOqA4hjZodHRwOi8vcmVwb3NpdG9yaW8uc2VycHJvLmdv
    di5ici9sY3IvYWNzZXJwcm9hY2Z2NC5jcmwwPqA8oDqGOGh0dHA6Ly9jZXJ0aWZp
    Y2Fkb3MyLnNlcnByby5nb3YuYnIvbGNyL2Fjc2VycHJvYWNmdjQuY3JsMEagRKBC
    hkBodHRwOi8vcmVwb3NpdG9yaW8uaWNwYnJhc2lsLmdvdi5ici9sY3Ivc2VycHJv
    L2Fjc2VycHJvYWNmdjQuY3JsMFYGCCsGAQUFBwEBBEowSDBGBggrBgEFBQcwAoY6
    aHR0cDovL3JlcG9zaXRvcmlvLnNlcnByby5nb3YuYnIvY2FkZWlhcy9hY3NlcnBy
    b2FjZnY0LnA3YjCB4wYDVR0RBIHbMIHYoCoGBWBMAQMIoCEEH1NFQ1JFVEFSSUEg
    RVhFQ1VUSVZBIERFIEZBWkVOREGCESouc2VmYXouYWwuZ292LmJyoDgGBWBMAQME
    oC8ELTI1MTExOTcwNDkwOTkyNjQ0NTMwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw
    MKAjBgVgTAEDAqAaBBhUQVJDSU8gUk9EUklHVUVTIEJFWkVSUkGgGQYFYEwBAwOg
    EAQOMTIyMDAxOTIwMDAxNjmBHXRhcmNpb2JlemVycmFAc2VmYXouYWwuZ292LmJy
    MA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
    DQYJKoZIhvcNAQELBQADggIBAKoZwgt/8ti+fPsxinL3pziMAPAoqONsO4VBWnpY
    J4puFiE+UZbx3GT1Zo+s4P6ztuKLo+lp3PDaFo1WeWYInc0qXUmWZ96RqZzOTjel
    fKVKTYaq3P65RoP3tE9bJn92vc7wqRZmKCdxiRzaMACPg/k76Nq9gVDkambSE2By
    yr0lYImWdiHwg1JOM6hUn+YXr5IfCoNmYmuqCODtWdvqwq62sYBcYoEFbJHlpBp6
    AVKm3cLM0r1Wv9nSbZjFEFCsepeoSDk6+b74f6JjlWCGMz6zCj6+wXebDndjfyQC
    VKS1mfIUC/3Ry89J/40cBn6q/dZdEbjqgwuCP3vgIwHWm+I3cIuZYpOGkUX4OuJU
    uhhn5vdCtu8+AGcoc8rPJ+6BZ8bh87Mz84tDUAd0x4yuKs7tE1ONAKr+Ip6GMfZw
    MIzgzHuoMnn+6daQnVnO2+jddh9i05ukpifzDs15KsyBwE5grSeTmQ0f5kTCzHWp
    xPvk3Ah1XL253C0vLzGcpaPdaybBM4HjnSWj8KrOp4w46cjhjxahz1CSEDxdLx8Q
    rqb/CxgKbHU2f+PL6sZKeHZlyJvVCf65x37rAriKsUX+YweB4Y5OH5SHraE4Nuyo
    L8ClR0It3xwV34joUw4nmKjFT5GadrBpF4C+6W3rcSVUbTBpxswYYff70JygLU3n
    5s9M
    -----END CERTIFICATE-----
    subject=/C=BR/O=ICP-Brasil/OU=Equipamento A1/OU=ARSERPRO/OU=Autoridade Certificadora SERPROACF/CN=*.sefaz.al.gov.br
    issuer=/C=BR/O=ICP-Brasil/OU=CSPB-1/OU=Servico Federal de Processamento de Dados - SERPRO/CN=Autoridade Certificadora do SERPRO Final v4
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 5883 bytes and written 551 bytes
    ---
    New, TLSv1/SSLv3, Cipher is AES128-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1
        Cipher    : AES128-SHA
        Session-ID: 230300002B3BC1AC0A9EB14A65B90D48E78CE00107A60E705497D9BDE8477B95
        Session-ID-ctx:
        Master-Key: 8F706B45691AC6487F0B62B2AA58B7E9C0586AC397EB3731C0BE4CC8791A341CEAA0CA53C7F74CB1239BD4A5E785D16E
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1485222101
        Timeout   : 7200 (sec)
        Verify return code: 20 (unable to get local issuer certificate)
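
The diagnosis in the session above can be scripted. This is an added example, not part of the original answer: it parses the s_client chain listing to name the issuer the server never sent (the root that must be trusted locally), and `open_verified` shows how the three items map onto Python's `ssl` module. The function names and the `cafile` argument (a local PEM path you supply) are assumptions.

```python
import re
import socket
import ssl

# Constructed sample: the chain listing and verify result copied from the
# s_client session above, trimmed to the lines the parser needs.
SAMPLE = """\
Certificate chain
 0 s:/C=BR/O=ICP-Brasil/OU=Equipamento A1/OU=ARSERPRO/OU=Autoridade Certificadora SERPROACF/CN=*.sefaz.al.gov.br
   i:/C=BR/O=ICP-Brasil/OU=CSPB-1/OU=Servico Federal de Processamento de Dados - SERPRO/CN=Autoridade Certificadora do SERPRO Final v4
 1 s:/C=BR/O=ICP-Brasil/OU=CSPB-1/OU=Servico Federal de Processamento de Dados - SERPRO/CN=Autoridade Certificadora do SERPRO Final v4
   i:/C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=Autoridade Certificadora SERPRO v3
 2 s:/C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v2/CN=Autoridade Certificadora SERPRO v3
   i:/C=BR/O=ICP-Brasil/OU=Instituto Nacional de Tecnologia da Informacao - ITI/CN=Autoridade Certificadora Raiz Brasileira v2
---
    Verify return code: 20 (unable to get local issuer certificate)
"""

def parse_chain(text):
    """Return [(depth, subject, issuer), ...] from s_client's chain listing."""
    pairs = re.findall(r"^\s*(\d+) s:(.+)\n\s+i:(.+)$", text, re.M)
    return [(int(d), s.strip(), i.strip()) for d, s, i in pairs]

def missing_anchor(text):
    """Issuer DN that no certificate sent by the server carries as subject."""
    chain = parse_chain(text)
    subjects = {s for _, s, _ in chain}
    # Skip self-signed entries: a root that was sent is its own issuer.
    missing = [i for _, s, i in chain if i not in subjects and i != s]
    return missing[-1] if missing else None

def verify_code(text):
    """Return (code, reason) from the 'Verify return code' line, or None."""
    m = re.search(r"Verify return code: (\d+) \((.+)\)", text)
    return (int(m.group(1)), m.group(2)) if m else None

def open_verified(host, cafile, port=443):
    """Connect while trusting only the PEM roots in cafile (item 3)."""
    # create_default_context keeps SSLv2/SSLv3 disabled (item 1) and
    # enforces CERT_REQUIRED plus hostname checking.
    ctx = ssl.create_default_context(cafile=cafile)
    sock = socket.create_connection((host, port), timeout=10)
    # server_hostname sends SNI (item 2) and is the name that gets verified.
    return ctx.wrap_socket(sock, server_hostname=host)

if __name__ == "__main__":
    print(verify_code(SAMPLE), missing_anchor(SAMPLE))
```
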