2023年6月9日 03:06:24go评论82阅读模式

英文:

Why does this simple Python HTTPS request throw an SSL error even when given an SSL certificate?

问题

以下是您提供的内容的中文翻译：

我最近开始在一家拥有相当严格IT政策的公司实习。我是公司唯一的开发人员，很明显，我遇到的问题很可能不会影响其他人，这使得解决这些问题变得困难。IT部门在代理级别插入了他们自己的SSL证书（可能用于监控网络流量），这导致了在进行HTTPS请求时出现问题。我已经找到了我认为正确的证书，并且已经成功用它来安装conda包。然而，即使给予正确的证书，使用Python的requests包进行的HTTPS请求仍然出错。

以下是一个对https://example.com进行HTTPS请求的非常简单的尝试：

import requests

url = "https://example.com"
response = requests.get(url, cert="/temp/certs/certificate.pem")

以及所有的输出：

python : Traceback (most recent call last):
At line:1 char:1
+ python main.py 2&gt;%1 &gt; bruh.txt
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (Traceback (most recent call last)::String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
 
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connectionpool.py", line 386, in _make_request
    self._validate_conn(conn)
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connectionpool.py", line 1042, in _validate_conn
    conn.connect()
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connection.py", line 419, in connect
    self.sock = ssl_wrap_socket(
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\util\ssl_.py", line 418, in ssl_wrap_socket
    context.load_cert_chain(certfile, keyfile)
ssl.SSLError: [SSL] PEM lib (_ssl.c:3921)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\adapters.py", line 487, in send
    resp = conn.urlopen(
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connectionpool.py", line 787, in urlopen
    retries = retries.increment(
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\util\retry.py", line 592, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='example.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(9, '[SSL] PEM lib (_ssl.c:3921)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "(file location)", line 27, in <module>
    response = requests.get(url, cert="/temp/certs/certificate.pem")
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\api.py", line 73, in get
    return request("get", url, params=params, **kwargs)
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\api.py", line 59, in request
    return session.request(method=method, url=url, **kwargs)
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\sessions.py", line 587, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\adapters.py", line 518, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='example.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(9, '[SSL] PEM lib (_ssl.c:3921)')))

这与在未提供证书时产生的错误不同，后者引用了自签名证书。

编辑：当SSL验证设置为false时，请求确实会通过，但显然这不是一个真正的解决方案。

<details>
<summary>英文:</summary>

I&#39;ve recently started an internship at a company with pretty strict IT policies. I&#39;m the only developer at the company and it is clear that I&#39;m running into problems that most likely don&#39;t affect anyone else here, which makes them difficult to resolve. IT has inserted their own SSL certificate at the proxy level (probably to monitor network traffic), which has led to problems making HTTPS requests. I have found what I believe to be the correct certificate and it has worked to allow me to install packages with conda. However, HTTPS requests made with python&#39;s requests package still error out even when they are given the correct certificate.

Here&#39;s a really simple attempt at an HTTPS request to https://example.com:

import requests

url = "https://example.com"
response = requests.get(url, cert = "/temp/certs/certificate.pem")


And all of the output:

python : Traceback (most recent call last):
At line:1 char:1

python main.py 2>%1 > bruh.txt

  + CategoryInfo          : NotSpecified: (Traceback (most recent call last)::String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
File &quot;C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connectionpool.py&quot;, line 703, in urlopen
httplib_response = self._make_request(
File &quot;C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connectionpool.py&quot;, line 386, in _make_request
self._validate_conn(conn)
File &quot;C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connectionpool.py&quot;, line 1042, in _validate_conn
conn.connect()
File &quot;C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connection.py&quot;, line 419, in connect
self.sock = ssl_wrap_socket(
File &quot;C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\util\ssl_.py&quot;, line 418, in ssl_wrap_socket
context.load_cert_chain(certfile, keyfile)

ssl.SSLError: [SSL] PEM lib (_ssl.c:3921)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\adapters.py", line 487, in send
resp = conn.urlopen(
File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connectionpool.py", line 787, in urlopen
retries = retries.increment(
File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\util\retry.py", line 592, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='example.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(9, '[SSL] PEM lib (_ssl.c:3921)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "(file location)", line 27, in <module>
response = requests.get(url, cert = "/temp/certs/certificate.pem")
File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\api.py", line 73, in get
return request("get", url, params=params, **kwargs)
File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\api.py", line 59, in request
return session.request(method=method, url=url, **kwargs)
File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\sessions.py", line 587, in request
resp = self.send(prep, **send_kwargs)
File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\sessions.py", line 701, in send
r = adapter.send(request, **kwargs)
File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\adapters.py", line 518, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='example.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(9, '[SSL] PEM lib (_ssl.c:3921)')))


This is different than the error produced when no certificate is provided, which references a self-signed certificate.
Edit: The request does go through when SSL verification is set to false, but obviously that isn&#39;t really a solution.
</details>
# 答案1
**得分**: 2
The `cert`选项是用于客户端证书验证的。我认为您想要做的是为请求添加一个受信任的 CA 证书。您可以使用`verify`选项来实现这个目的。
```python
response = requests.get(url, verify="/temp/certs/certificate.pem")

您可以在文档中找到更多信息。

英文:

The cert option of the request is meant to be for the client certificate authentication. What I believe you are trying to do is to add a trusted CA for the request. For this use the verify option.

response = requests.get(url, verify = &quot;/temp/certs/certificate.pem&quot;)

You can find the difference in the documentation.

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

这简单的Python HTTPS请求为什么会抛出SSL错误，即使提供了SSL证书？

问题

如何遍历列表以生成URL的元素。

Looking for a way to split strings in pandas dataframe depending on OR, AND and parentheses.

为什么在包含 continue 语句的 for 循环中 tqdm 进度条不起作用？

使用Python进行Microsoft Graph身份验证

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

发表评论