Python urllib和;SSL:证书“验证失败”;错误
我得到以下错误:Python urllib和;SSL:证书“验证失败”;错误,python,python-2.7,ssl,ssl-certificate,urllib,Python,Python 2.7,Ssl,Ssl Certificate,Urllib,我得到以下错误: Exception in thread Thread-3: Traceback (most recent call last): File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 810, in __bootstrap_inner self.run() File "/Library/Frameworks/Python.framework
Exception in thread Thread-3:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 810, in __bootstrap_inner
self.run()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 763, in run
self.__target(*self.__args, **self.__kwargs)
File "/Users/Matthew/Desktop/Skypebot 2.0/bot.py", line 271, in process
info = urllib2.urlopen(req).read()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1240, in https_open
context=self._context)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1197, in do_open
raise URLError(err)
URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>
我使用的API要求我使用HTTPS。如何使其绕过验证?正如我在评论中所写,此问题可能与 简而言之:有多种方法可以验证证书。OpenSSL使用的验证与系统上的受信任根证书不兼容。Python使用OpenSSL 您可以尝试获取缺少的证书,然后根据以下内容使用
cafile
选项:
如果您只想绕过验证,您可以创建一个新的。默认情况下,新创建的上下文使用 如第节所述,注意这一点 直接调用SSLContext构造函数时,默认为CERT_NONE。由于它不验证另一个对等方,因此它可能不安全,尤其是在客户端模式下,在这种模式下,您通常希望确保与之交谈的服务器的真实性。因此,在客户端模式下,强烈建议使用CERT_REQUIRED 但是,如果您只是出于其他原因希望它现在能够工作,那么您可以执行以下操作,您还必须
导入ssl
:
input = input.replace("!web ", "")
url = "https://domainsearch.p.mashape.com/index.php?name=" + input
req = urllib2.Request(url, headers={ 'X-Mashape-Key': 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' })
gcontext = ssl.SSLContext() # Only for gangstars
info = urllib2.urlopen(req, context=gcontext).read()
Message.Chat.SendMessage ("" + info)
这应该可以解决您的问题,但您并没有真正解决任何问题,但您不会看到[SSL:CERTIFICATE\u VERIFY\u FAILED]
,因为您现在没有验证证书
除此之外,如果您想了解更多关于您为什么会看到这些问题的信息,您需要了解一下
此PEP建议在默认情况下启用X509证书签名的验证,以及Python HTTP客户端的主机名验证,但每次调用都会选择退出。此更改将应用于Python2.7、Python3.4和Python3.5
有一个建议的选择退出与我上面的建议没有什么不同:
import ssl
# This restores the same behavior as before.
context = ssl._create_unverified_context()
urllib.urlopen("https://no-valid-cert", context=context)
它还具有一个高度不鼓励的选项,通过该选项,您在python中不常看到:
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
它将使用创建未验证上下文的函数覆盖用于创建上下文的默认函数
请注意,如政治公众人物中所述:
本指南主要针对希望采用较新版本的Python的系统管理员,这些Python在尚未支持HTTPS连接上的证书验证的遗留环境中实现此PEP。例如,管理员可以通过在其Python标准操作环境中将上面的monkeypatch添加到sitecustomize.py来选择退出应用程序和库不应在整个过程中进行此更改(系统管理员控制的配置设置除外)
如果你想读一篇关于为什么不验证证书在软件中不好的文章 和您一样,我在旧iMac(OS X 10.6.8)上使用python 2.7,我也遇到了这个问题,使用urllib2.urlopen:
urlopen error [SSL: CERTIFICATE_VERIFY_FAILED]
我的程序运行正常,没有SSL证书问题,并且(在加载程序之后)突然由于这个SSL错误而崩溃
问题在于使用的python版本:
/Applications/Python 2.7/ReadMe.rtf
中有一章名为证书验证和OpenSSL[为Python 2.7.9而更改]
,详细解释了这个问题
因此,请检查、下载python的正确版本并将其放入路径中。在Windows上,python不查看系统证书,而是使用位于
?\lib\site packages\certifi\cacert.pem的自己的证书
您的问题的解决方案:
将域验证证书作为*.crt或*pem文件下载
在编辑器中打开文件并将其内容复制到剪贴板
查找您的cacert.pem
位置:from requests.utils import DEFAULT\u CA\u BUNDLE\u路径;打印(默认\u CA\u BUNDLE\u路径)
编辑cacert.pem
文件,并将域验证证书粘贴到文件末尾
保存文件并享受请求李>
我羞愧地低下头,因为我也有同样的问题,只是在我的情况下,我点击的URL是有效的,证书是有效的。无效的是我的网络连接。我未能将代理详细信息添加到浏览器中(即在本例中)。这使验证过程无法正确进行。
添加了代理详细信息,我的python当时非常高兴。如果您使用vCenter 6,则应将vCenter的vmware证书颁发机构证书添加到操作系统的受信任CA列表中。要下载您的证书,请执行以下操作
打开Web浏览器
导航到https://
在右下角,单击下载受信任的根CA链接
论软呢帽
解压缩并将扩展名从.0更改为.cer
将其复制到/etc/pki/ca-trust/source/anchors/
运行更新ca信任命令
链接:
对于Centos 6/7上的Python 3.4+,Fedora,只需按以下方式安装受信任的CA:
将CA.crt复制到/etc/pki/CA-trust/source/anchors/
更新ca信任力启用
更新ca信任摘录
Python 2.7.12(默认,2016年7月29日,15:26:22)修复了上述问题。这些信息可能会帮助其他人
import requests
requests.packages.urllib3.disable_warnings()
import ssl
try:
_create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
# Legacy Python that doesn't verify HTTPS certificates by default
pass
else:
# Handle target environment that doesn't support HTTPS verification
ssl._create_default_https_context = _create_unverified_https_context
从这里开始您可以尝试将其添加到环境变量中:
PYTHONHTTPSVERIFY=0
请注意,这将禁用所有HTTPS验证,因此这有点像一个大锤式的方法,但是如果不需要验证,它可能是一个有效的解决方案。这不是解决您的特定问题的解决方案,但我把它放在这里是因为此线程是“SSL:CERTIFICATE\u VERIFY\u FA”的顶级Google结果
import requests
requests.packages.urllib3.disable_warnings()
import ssl
try:
_create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
# Legacy Python that doesn't verify HTTPS certificates by default
pass
else:
# Handle target environment that doesn't support HTTPS verification
ssl._create_default_https_context = _create_unverified_https_context
PYTHONHTTPSVERIFY=0
pip install certifi
/Applications/Python\ 3.6/Install\ Certificates.command
sudo easy_install pip
sudo pip3 install -U nltk --ignore-installed six
which python python2 python3
which pip pip2 pip3
python3
import nltk
nltk.__path__
['/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/nltk']
/Applications/Python\ 3.6/Install\ Certificates.command
python3 -m nltk.downloader book
pip install certifi # for your virtualenv
mkdir -p /Library/Frameworks/Python.framework/Versions/3.6/etc/openssl
cp -a <your virtualenv>/site-package/certifi/cacert.pem \
/Library/Frameworks/Python.framework/Versions/3.6/etc/openssl/cert.pem
port install openssl
import urllib.request as urlrq
resp = urlrq.urlopen('https://example.com/bar/baz.html')
import urllib.request as urlrq
import certifi
resp = urlrq.urlopen('https://example.com/bar/baz.html', cafile=certifi.where())
import urllib.request as urlrq
import certifi
import ssl
resp = urlrq.urlopen('https://example.com/bar/baz.html', context=ssl.create_default_context(cafile=certifi.where()))
pip install PyOpenSSL
> cd "/Applications/Python 3.6/"
> sudo "./Install Certificates.command"
import ssl
try:
_create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
# Legacy Python that doesn't verify HTTPS certificates by default
pass
else:
# Handle target environment that doesn't support HTTPS verification
ssl._create_default_https_context = _create_unverified_https_context
import ssl
ssl.get_default_verify_paths()
Out[35]: DefaultVerifyPaths(cafile='/miniconda3/ssl/cert.pem', capath=None,
openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/miniconda3/ssl/cert.pem',
openssl_capath_env='SSL_CERT_DIR', openssl_capath='/miniconda3/ssl/certs')
conda config --set ssl_verify <pathToYourFile>.crt
ssl_verify: <pathToYourFile>.crt
ERROR: requests 2.21.0 has requirement urllib3<1.25,>=1.21.1, but you'll have urllib3 1.25 which is incompatible.
pip install 'urllib3<1.25' --force-reinstall
>>> import ssl
>>> ssl.get_default_verify_paths()
DefaultVerifyPaths(cafile='/usr/local/anaconda3/ssl/cert.pem', capath=None, openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/usr/local/anaconda3/ssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/usr/local/anaconda3/ssl/certs')
DefaultVerifyPaths(cafile='', capath=None, openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/usr/local/anaconda3/envs/py27/ssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/usr/local/anaconda3/envs/py27/ssl/certs')
cd /usr/local/anaconda3/envs/py27/
mkdir ssl
cd ssl
ln -s ../../../ssl/cert.pem
$ sudo update-ca-certificates --fresh
$ export SSL_CERT_DIR=/etc/ssl/certs
$ cd $HOME
$ wget --quiet https://curl.haxx.se/ca/cacert.pem
$ export SSL_CERT_FILE=$HOME/cacert.pem
wget https://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt
mv DigiCertSHA2SecureServerCA.crt DigiCertSHA2SecureServerCA.der
openssl x509 -inform DER -outform PEM -in DigiCertSHA2SecureServerCA.der -out DigicertSHA2SecureServerCA.pem.crt
sudo mkdir /usr/share/ca-certificates/extra
sudo cp DigicertSHA2SecureServerCA.pem.crt /usr/share/ca-certificates/extra/
sudo dpkg-reconfigure ca-certificates