Question

尝试使用客户端SSL证书连接到Jira实例时，我收到SSL错误：

>>> jira.JIRA(server="https://jira.server", options={'client_cert':'/path/to/my/cert.pem', 'verify':False})

WARNING:root:HTTPSConnectionPool(host='https://jira.server', port=443): Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1056)'))) while doing GET https://jira.server/rest/api/2/serverInfo [{'params': None, 'headers': {'User-Agent': 'python-requests/2.22.0', 'Accept-Encoding': 'gzip, deflate', 'Accept': 'application/json,*.*;q=0.9', 'Connection': 'keep-alive', 'Cache-Control': 'no-cache', 'Content-Type': 'application/json', 'X-Atlassian-Token': 'no-check'}}]
WARNING:root:Got ConnectionError [HTTPSConnectionPool(host='jira.server', port=443): Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1056)')))] errno:None on GET https://jira.server/rest/api/2/serverInfo
{'response': None, 'request': <PreparedRequest [GET]>}\{'response': None, 'request': <PreparedRequest [GET]>}
WARNING:root:Got recoverable error from GET https://jira.server/rest/api/2/serverInfo, will retry [1/3] in 12.759554186699715s. Err: HTTPSConnectionPool(host='jira.server', port=443): Max retries exceeded with url: /rest/api/2/serverInfo (Caused by SSLError(SSLError(1, '[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:1056)')))
^CTraceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/Users/toryan/.envs/python-jira/lib/python3.7/site-packages/jira/client.py", line 472, in __init__
    si = self.server_info()
  File "/Users/toryan/.envs/python-jira/lib/python3.7/site-packages/jira/client.py", line 2133, in server_info
    j = self._get_json('serverInfo')
  File "/Users/toryan/.envs/python-jira/lib/python3.7/site-packages/jira/client.py", line 2549, in _get_json
    r = self._session.get(url, params=params)
  File "/Users/toryan/.envs/python-jira/lib/python3.7/site-packages/jira/resilientsession.py", line 151, in get
    return self.__verb('GET', url, **kwargs)
  File "/Users/toryan/.envs/python-jira/lib/python3.7/site-packages/jira/resilientsession.py", line 136, in __verb
    if self.__recoverable(response_or_exception, url, verb.upper(), retry_number):
  File "/Users/toryan/.envs/python-jira/lib/python3.7/site-packages/jira/resilientsession.py", line 104, in __recoverable
    time.sleep(delay)
KeyboardInterrupt

使用requests模块发出的相同请求可以正常工作：

>>> requests.get("https://jira.server/rest/api/2/serverInfo", verify=False, cert='/path/to/my/cert.pem')
/Users/toryan/.envs/python-jira/lib/python3.7/site-packages/urllib3/connectionpool.py:851: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
<Response [200]>

.pem文件包含证书和私钥。使用单独的证书和私钥文件，并将它们作为元组传递给client_cert时，出现相同的错误。我也尝试过将.pem和.key文件的内容作为字符串传递，但这没有用。

Answer 1

只需从选项中删除验证。它将解决您的问题。

因为您已经添加了证书路径和verify=False，即您明确要求请求/适配器模块不要添加您添加的证书。

例如：

jira.JIRA(server="https://jira.server", options={'client_cert':'/path/to/my/cert.pem'})

或以下代码将遵循certifi软件包提供的默认证书。

jira.JIRA(server="https://jira.server")

使用Python Jira模块连接到Jira服务器时出现SSL错误

1 个答案: