这简单的Python HTTPS请求为什么会抛出SSL错误,即使提供了SSL证书?

huangapple go评论96阅读模式
英文:

Why does this simple Python HTTPS request throw an SSL error even when given an SSL certificate?

问题

以下是您提供的内容的中文翻译:

我最近开始在一家拥有相当严格IT政策的公司实习。我是公司唯一的开发人员,很明显,我遇到的问题很可能不会影响其他人,这使得解决这些问题变得困难。IT部门在代理级别插入了他们自己的SSL证书(可能用于监控网络流量),这导致了在进行HTTPS请求时出现问题。我已经找到了我认为正确的证书,并且已经成功用它来安装conda包。然而,即使给予正确的证书,使用Python的requests包进行的HTTPS请求仍然出错。

以下是一个对https://example.com进行HTTPS请求的非常简单的尝试:

import requests

url = "https://example.com"
response = requests.get(url, cert="/temp/certs/certificate.pem")

以及所有的输出:

python : Traceback (most recent call last):
At line:1 char:1
+ python main.py 2>%1 > bruh.txt
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (Traceback (most recent call last)::String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
 
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connectionpool.py", line 703, in urlopen
    httplib_response = self._make_request(
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connectionpool.py", line 386, in _make_request
    self._validate_conn(conn)
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connectionpool.py", line 1042, in _validate_conn
    conn.connect()
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connection.py", line 419, in connect
    self.sock = ssl_wrap_socket(
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\util\ssl_.py", line 418, in ssl_wrap_socket
    context.load_cert_chain(certfile, keyfile)
ssl.SSLError: [SSL] PEM lib (_ssl.c:3921)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\adapters.py", line 487, in send
    resp = conn.urlopen(
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connectionpool.py", line 787, in urlopen
    retries = retries.increment(
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\util\retry.py", line 592, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='example.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(9, '[SSL] PEM lib (_ssl.c:3921)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "(file location)", line 27, in <module>
    response = requests.get(url, cert="/temp/certs/certificate.pem")
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\api.py", line 73, in get
    return request("get", url, params=params, **kwargs)
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\api.py", line 59, in request
    return session.request(method=method, url=url, **kwargs)
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\sessions.py", line 587, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\sessions.py", line 701, in send
    r = adapter.send(request, **kwargs)
  File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\adapters.py", line 518, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='example.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(9, '[SSL] PEM lib (_ssl.c:3921)')))

这与在未提供证书时产生的错误不同后者引用了自签名证书

编辑当SSL验证设置为false时请求确实会通过但显然这不是一个真正的解决方案

<details>
<summary>英文:</summary>

I&#39;ve recently started an internship at a company with pretty strict IT policies. I&#39;m the only developer at the company and it is clear that I&#39;m running into problems that most likely don&#39;t affect anyone else here, which makes them difficult to resolve. IT has inserted their own SSL certificate at the proxy level (probably to monitor network traffic), which has led to problems making HTTPS requests. I have found what I believe to be the correct certificate and it has worked to allow me to install packages with conda. However, HTTPS requests made with python&#39;s requests package still error out even when they are given the correct certificate.

Here&#39;s a really simple attempt at an HTTPS request to https://example.com:


import requests

url = "https://example.com"
response = requests.get(url, cert = "/temp/certs/certificate.pem")


And all of the output:

python : Traceback (most recent call last):
At line:1 char:1

  • python main.py 2>%1 > bruh.txt
  •   + CategoryInfo          : NotSpecified: (Traceback (most recent call last)::String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
    File &quot;C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connectionpool.py&quot;, line 703, in urlopen
    httplib_response = self._make_request(
    File &quot;C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connectionpool.py&quot;, line 386, in _make_request
    self._validate_conn(conn)
    File &quot;C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connectionpool.py&quot;, line 1042, in _validate_conn
    conn.connect()
    File &quot;C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connection.py&quot;, line 419, in connect
    self.sock = ssl_wrap_socket(
    File &quot;C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\util\ssl_.py&quot;, line 418, in ssl_wrap_socket
    context.load_cert_chain(certfile, keyfile)
    

ssl.SSLError: [SSL] PEM lib (_ssl.c:3921)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\adapters.py", line 487, in send
resp = conn.urlopen(
File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\connectionpool.py", line 787, in urlopen
retries = retries.increment(
File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\urllib3\util\retry.py", line 592, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='example.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(9, '[SSL] PEM lib (_ssl.c:3921)')))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "(file location)", line 27, in <module>
response = requests.get(url, cert = "/temp/certs/certificate.pem")
File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\api.py", line 73, in get
return request("get", url, params=params, **kwargs)
File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\api.py", line 59, in request
return session.request(method=method, url=url, **kwargs)
File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\sessions.py", line 587, in request
resp = self.send(prep, **send_kwargs)
File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\sessions.py", line 701, in send
r = adapter.send(request, **kwargs)
File "C:\Users\J1P\AppData\Local\anaconda3\envs\schedule_tracker\lib\site-packages\requests\adapters.py", line 518, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='example.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(9, '[SSL] PEM lib (_ssl.c:3921)')))


This is different than the error produced when no certificate is provided, which references a self-signed certificate.
Edit: The request does go through when SSL verification is set to false, but obviously that isn&#39;t really a solution.
</details>
# 答案1
**得分**: 2
The `cert`选项是用于客户端证书验证的。我认为您想要做的是为请求添加一个受信任的 CA 证书。您可以使用`verify`选项来实现这个目的。
```python
response = requests.get(url, verify="/temp/certs/certificate.pem")

您可以在文档中找到更多信息。

英文:

The cert option of the request is meant to be for the client certificate authentication. What I believe you are trying to do is to add a trusted CA for the request. For this use the verify option.

response = requests.get(url, verify = &quot;/temp/certs/certificate.pem&quot;)

You can find the difference in the documentation.

huangapple
  • 本文由 发表于 2023年6月9日 03:06:24
  • 转载请务必保留本文链接:https://go.coder-hub.com/76434987.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定