我正在尝试与服务器建立TLS连接。我的简单脚本如下。但是,当我运行它时,我收到此错误:
Accept-Encoding剧本:
Traceback (most recent call last):
File "tls_client.py", line 28, in <module>
sslSocket.connect((domain, 443))
File "C:\Python36\lib\ssl.py", line 1100, in connect
self._real_connect(addr, False)
File "C:\Python36\lib\ssl.py", line 1091, in _real_connect
self.do_handshake()
File "C:\Python36\lib\ssl.py", line 1068, in do_handshake
self._sslobj.do_handshake()
File "C:\Python36\lib\ssl.py", line 689, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)
问题的原因是什么?我试过像 import socket, ssl
context = ssl.SSLContext(protocol = ssl.PROTOCOL_TLS_CLIENT)
context.set_ciphers('ECDHE-RSA-AES128-GCM-SHA256')
context.verify_mode = ssl.CERT_OPTIONAL
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sslSocket = context.wrap_socket(s, server_hostname = 'www.google.com')
sslSocket.connect((domain, 443))
这样的网站,但我也得到了同样的错误。
修改
我不想关闭verify_mode。我需要它。我认为www.verisign.com和google.com具有可验证的证书。
编辑2: 基于link提供的解决方案: 我运行pip install certifi 然后尝试在Windows命令中运行此命令,但收到错误:
verisign.com