我遇到了一個非常奇怪的錯誤,它與SSL和Python到google.com有關(或者更一般地說,我認爲有多個證書的域鏈)。每當我試着做了要求https://*.google.com/whatever
我得到以下錯誤:SSL3_GET_SERVER_CERTIFICATE當請求(僅)請求時,Python證書驗證失敗* .google.com
SSLError: ("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",) while doing GET request to URL: https://google.com/
我做了什麼至今
我經歷了許多籃球試圖得到這個工作走了,我訴諸張貼到堆棧現在溢出,我不知道該怎麼做。這是我曾嘗試:
注意到
date
返回了背後的真實時間2分鐘日期(可能我的無效證書)。我解決這個假設它會驗證證書。這並沒有解決這個問題。發現Python 2.7.9從Python 3反向移植了一些SSL庫。我從Python 2.7.6升級到了2.7.9,假設更新(包括此線程中列出的修復程序:https://serverfault.com/questions/692110/error-with-python2-as-a-https-client-with-an-nginx-server-and-ssl-certificate-ch)將修復它。沒有運氣,同樣的錯誤。
很明顯,設置
verify=False
的作品,但我們不願意在安全方面有所改進,我們需要讓verify=True
工作。curl https://google.com
也按預期工作。這是我知道它與Python有關的。
$ python -V
Python 2.7.9
$ pip list | grep -e requests
requests (2.9.1)
$ uname-a # ubuntu 14.04
Linux staging.example.com 3.13.0-48-generiC#80-Ubuntu SMP Thu Mar 12 11:16:15 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
例
這是僅發生的谷歌域通過https。這裏是一個例子:
$ ipython
Python 2.7.9 (default, Jan 6 2016, 21:37:32)
Type "copyright", "credits" or "license" for more information.
IPython 4.0.1 -- An enhanced Interactive Python.
? -> Introduction and overview of IPython's features.
%quickref -> Quick reference.
help -> Python's own help system.
object? -> Details about 'object', use 'object??' for extra details.
In [1]: import requests
In [2]: requests.get('https://facebook.com', verify=True)
Out[2]: <Response [200]>
In [3]: requests.get('https://stackoverflow.com', verify=True)
Out[3]: <Response [200]>
In [4]: requests.get('https://spotify.com', verify=True)
Out[4]: <Response [200]>
In [5]: requests.get('http://google.com', verify=True) # notice the http
Out[5]: <Response [200]>
In [6]: requests.get('https://google.com', verify=True)
---------------------------------------------------------------------------
SSLError Traceback (most recent call last)
<ipython-input-6-a7fff1831944> in <module>()
----> 1 requests.get('https://google.com', verify=True)
/example/.virtualenv/example/lib/python2.7/site-packages/requests/api.pyc in get(url, params, **kwargs)
65
66 kwargs.setdefault('allow_redirects', True)
---> 67 return request('get', url, params=params, **kwargs)
68
69
/example/.virtualenv/example/lib/python2.7/site-packages/requests/api.pyc in request(method, url, **kwargs)
51 # cases, and look like a memory leak in others.
52 with sessions.Session() as session:
---> 53 return session.request(method=method, url=url, **kwargs)
54
55
/example/.virtualenv/example/lib/python2.7/site-packages/requests/sessions.pyc in request(self, method, url, params, data, headers, cookies, files, auth, timeout, allow_redirects, proxies, hooks, stream, verify, cert, json)
466 }
467 send_kwargs.update(settings)
--> 468 resp = self.send(prep, **send_kwargs)
469
470 return resp
/example/.virtualenv/example/lib/python2.7/site-packages/requests/sessions.pyc in send(self, request, **kwargs)
574
575 # Send the request
--> 576 r = adapter.send(request, **kwargs)
577
578 # Total elapsed time of the request (approximately)
/example/.virtualenv/example/lib/python2.7/site-packages/requests/adapters.pyc in send(self, request, stream, timeout, verify, cert, proxies)
445 except (_SSLError, _HTTPError) as e:
446 if isinstance(e, _SSLError):
--> 447 raise SSLError(e, request=request)
448 elif isinstance(e, ReadTimeoutError):
449 raise ReadTimeout(e, request=request)
SSLError: ("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",)
我有同樣的問題,似乎降級cerifi於2015年4月28日版本解決了這個問題,但我仍然有一些疑問: - 爲什麼它幾天前運行良好。 - 我使用的是2016.2.28版本,所以錯誤仍然存在? –
@WalterTraspadini在我的情況下,我認爲問題開始後,我們'pip安裝請求[安全]'擺脫煩人的警告 – seans
它必須是因爲升級請求包。 – Mutant