我需要使用SSl证书在客户端和服务器之间建立安全连接。
要创建证书,我使用了以下命令:
openssl genrsa -out root.key 2048
openssl req -x509 -new -nodes -key root.key -sha256 -days 365 -out root.pem
openssl genrsa -out client.key 2048
openssl genrsa -out server.key 2048
openssl req -new -nodes -key client.key -sha256 -days 365 -out client.csr
openssl req -new -nodes -key server.key -sha256 -days 365 -out server.csr
openssl x509 -req -in client.csr -CA root.pem -CAkey root.key -CAcreateserial -out client.crt -days 365 -sha256
openssl x509 -req -in server.csr -CA root.pem -CAkey root.key -CAcreateserial -out server.crt -days 365 -sha256
这些命令创建了文件:
我的客户有代码:
s= requests.session()
s.cert= ("../certificates/client.csr" , "../certificates/client.key")
s.verify = "../certificates/root.pem"
urllib3.disable_warnings()
resp = s.post('https://localhost:5000/', json = token)
它返回错误:
(...)
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
(...)
requests.packages.urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
(...)
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
我的服务器具有以下代码:
context = ssl.SSLContext(ssl.PROTOCOL_TLSv1_2)
context.load_cert_chain('../certificates/server.crt', '../certificates/server.key')
context.load_verify_locations('../certificates/root.pem')
context.verify_mode= ssl.CERT_REQUIRED
(...)
if __name__ == "__main__":
app.run(debug=False, ssl_context=context, threaded=True)
我该怎么办?
答案 0 :(得分:0)
您正在使用自签名证书,您需要使用以下方式禁用证书检查:
requests.post('XXXXXXX', verify=False)