我正在使用最新的请求版本
2.25.1
,当我设置session.verify = False
时,它仍然尝试验证SSL证书。
这是我的代码示例。
import requests
session = requests.session()
headers = {'content-type': 'application/json',
'accept': 'application/json',
'user-agent': 'PyU4V/9.2.1.3 (Linux; version 3.10.0-957.27.2.el7.x86_64) Python 3.7.3',
'application-type': 'PyU4V-9.2.1.3'}
session.headers = headers
username = "username"
password = "password"
session.auth = HTTPBasicAuth(username, password)
session.verify = False
url = 'https://X.X.X.X:8443/univmax/restapi/version'
session.request(method='GET', url=url)
---------------------------------------------------------------------------
SSLCertVerificationError Traceback (most recent call last)
/usr/local/lib/python3.7/dist-packages/urllib3/connectionpool.py in urlopen(self, method, url, body, headers, retries, redirect, assert_same_host, timeout, pool_timeout, release_conn, chunked, body_pos, **response_kw)
705 headers=headers,
--> 706 chunked=chunked,
707 )
/usr/local/lib/python3.7/dist-packages/urllib3/connectionpool.py in _make_request(self, conn, method, url, timeout, chunked, **httplib_request_kw)
381 try:
--> 382 self._validate_conn(conn)
383 except (SocketTimeout, BaseSSLError) as e:
/usr/local/lib/python3.7/dist-packages/urllib3/connectionpool.py in _validate_conn(self, conn)
1009 if not getattr(conn, "sock", None): # AppEngine might not have `.sock`
-> 1010 conn.connect()
1011
/usr/local/lib/python3.7/dist-packages/urllib3/connection.py in connect(self)
420 ssl_context=context,
--> 421 tls_in_tls=tls_in_tls,
422 )
/usr/local/lib/python3.7/dist-packages/urllib3/util/ssl_.py in ssl_wrap_socket(sock, keyfile, certfile, cert_reqs, ca_certs, server_hostname, ssl_version, ciphers, ssl_context, ca_cert_dir, key_password, ca_cert_data, tls_in_tls)
431 else:
--> 432 ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls)
433 return ssl_sock
/usr/local/lib/python3.7/dist-packages/urllib3/util/ssl_.py in _ssl_wrap_socket_impl(sock, ssl_context, tls_in_tls, server_hostname)
473 else:
--> 474 return ssl_context.wrap_socket(sock)
/usr/lib/python3.7/ssl.py in wrap_socket(self, sock, server_side, do_handshake_on_connect, suppress_ragged_eofs, server_hostname, session)
411 context=self,
--> 412 session=session
413 )
/usr/lib/python3.7/ssl.py in _create(cls, sock, server_side, do_handshake_on_connect, suppress_ragged_eofs, server_hostname, context, session)
852 raise ValueError("do_handshake_on_connect should not be specified for non-blocking sockets")
--> 853 self.do_handshake()
854 except (OSError, ValueError):
/usr/lib/python3.7/ssl.py in do_handshake(self, block)
1116 self.settimeout(None)
-> 1117 self._sslobj.do_handshake()
1118 finally:
SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1056)
During handling of the above exception, another exception occurred:
MaxRetryError Traceback (most recent call last)
/usr/local/lib/python3.7/dist-packages/requests/adapters.py in send(self, request, stream, timeout, verify, cert, proxies)
448 retries=self.max_retries,
--> 449 timeout=timeout
450 )
/usr/local/lib/python3.7/dist-packages/urllib3/connectionpool.py in urlopen(self, method, url, body, headers, retries, redirect, assert_same_host, timeout, pool_timeout, release_conn, chunked, body_pos, **response_kw)
755 retries = retries.increment(
--> 756 method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
757 )
/usr/local/lib/python3.7/dist-packages/urllib3/util/retry.py in increment(self, method, url, response, error, _pool, _stacktrace)
573 if new_retry.is_exhausted():
--> 574 raise MaxRetryError(_pool, url, error or ResponseError(cause))
575
MaxRetryError: HTTPSConnectionPool(host='X.X.X.X', port=8443): Max retries exceeded with url: /univmax/restapi/version (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1056)')))
During handling of the above exception, another exception occurred:
SSLError Traceback (most recent call last)
<ipython-input-61-d1c0089b962c> in <module>
----> 1 session.request(method='GET', url=url)
/usr/local/lib/python3.7/dist-packages/requests/sessions.py in request(self, method, url, params, data, headers, cookies, files, auth, timeout, allow_redirects, proxies, hooks, stream, verify, cert, json)
540 }
541 send_kwargs.update(settings)
--> 542 resp = self.send(prep, **send_kwargs)
543
544 return resp
/usr/local/lib/python3.7/dist-packages/requests/sessions.py in send(self, request, **kwargs)
653
654 # Send the request
--> 655 r = adapter.send(request, **kwargs)
656
657 # Total elapsed time of the request (approximately)
/usr/local/lib/python3.7/dist-packages/requests/adapters.py in send(self, request, stream, timeout, verify, cert, proxies)
512 if isinstance(e.reason, _SSLError):
513 # This branch is for urllib3 v1.22 and later.
--> 514 raise SSLError(e, request=request)
515
516 raise ConnectionError(e, request=request)
SSLError: HTTPSConnectionPool(host='X.X.X.X', port=8443): Max retries exceeded with url: /univmax/restapi/version (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1056)')))
当我在请求中传递
verify=False
时,它会返回正确的响应。
session.request(method='GET', url=url, verify=False)
<Response [200]>
我检查了
session
代码,其中verify
默认设置为True
。
但是当我们显式设置时
session.verify = False
它应该忽略 SSL。
这是
requests
库中的一个错误,可能是由设置 REQUESTS_CA_BUNDLE
环境变量引起的。