Python 3.x 如何修复macOs中Python2/3的ssl错误
我使用python请求方法得到所有URL的ssl错误Python 3.x 如何修复macOs中Python2/3的ssl错误,python-3.x,ssl,https,python-requests,openssl,Python 3.x,Ssl,Https,Python Requests,Openssl,我使用python请求方法得到所有URL的ssl错误 ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1122) 尝试使用python2.7和Python3.9,尝试安装certificates.cmd。同一url的Curl正在工作。试用了brew安装pyth
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1122)
尝试使用python2.7和Python3.9,尝试安装certificates.cmd。同一url的Curl正在工作。试用了brew安装python3
卷曲反应:
$ curl -v "https://mail.google.com"
* Trying 216.58.199.165...
* TCP_NODELAY set
* Connected to mail.google.com (216.58.199.165) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=*.mail.google.com
* start date: Sep 16 04:07:17 2020 GMT
* expire date: Oct 16 04:07:17 2021 GMT
* subjectAltName: host "mail.google.com" matched cert's "mail.google.com"
* issuer: C=US; ST=CA; L=mountain view; O=xyz; OU=xyz; CN=xyz; emailAddress=xyz
* SSL certificate verify ok.
> GET / HTTP/1.1
> Host: mail.google.com
> User-Agent: curl/7.64.1
> Accept: */*
Python:
(编辑)请求代码:
python3 -c "import requests; requests.get('https://mail.google.com')"
您是否处于检查网络数据的环境中?当我连接到那个服务器时,就像其他谷歌系统一样,我会得到一个issuer/C=US/O=google Trust Services/CN=GTS CA 1O1的证书,sslshopper也是如此。发送的链中没有xxx,没有mountain view,没有emailAddress,也没有root/自签名。请尝试
openssl s_client-connect mail.google.com:443-showcerts
(对于SNI,1.1.1不再需要-servername
)查看发送的链,并确定它正在使用(或试图使用)的根目录,并查看这是否是标准的。感谢@dave_thompson_085,这是网络客户端的问题,openssl获取该客户端的ssl证书,而curl获取系统的ssl证书。断开与客户端的连接后,一切都开始工作。您是否处于检查网络数据的环境中?当我连接到那个服务器时,就像其他谷歌系统一样,我会得到一个issuer/C=US/O=google Trust Services/CN=GTS CA 1O1的证书,sslshopper也是如此。发送的链中没有xxx,没有mountain view,没有emailAddress,也没有root/自签名。请尝试openssl s_client-connect mail.google.com:443-showcerts
(对于SNI,1.1.1不再需要-servername
)查看发送的链,并确定它正在使用(或试图使用)的根目录,并查看这是否是标准的。感谢@dave_thompson_085,这是网络客户端的问题,openssl获取该客户端的ssl证书,而curl获取系统的ssl证书。从客户端断开连接后,一切都开始工作。
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/urllib3/connectionpool.py", line 670, in urlopen
httplib_response = self._make_request(
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/urllib3/connectionpool.py", line 381, in _make_request
self._validate_conn(conn)
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/urllib3/connectionpool.py", line 978, in _validate_conn
conn.connect()
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/urllib3/connection.py", line 362, in connect
self.sock = ssl_wrap_socket(
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/urllib3/util/ssl_.py", line 384, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/ssl.py", line 500, in wrap_socket
return self.sslsocket_class._create(
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/ssl.py", line 1040, in _create
self.do_handshake()
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/ssl.py", line 1309, in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1122)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/urllib3/connectionpool.py", line 726, in urlopen
retries = retries.increment(
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/urllib3/util/retry.py", line 439, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='mail.google.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1122)')))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/requests/api.py", line 76, in get
return request('get', url, params=params, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/requests/sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/requests/sessions.py", line 643, in send
r = adapter.send(request, **kwargs)
File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='mail.google.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1122)')))
$ python3 -c "import ssl; print(ssl.OPENSSL_VERSION)"
OpenSSL 1.1.1g 21 Apr 2020
$ openssl version
OpenSSL 1.1.1h 22 Sep 2020