Here is my code:
import os
import requests

os.environ['REQUESTS_CA_BUNDLE'] = os.path.join('/path/to/','ca-own.crt')
s = requests.Session()
s.cert = ('some.crt', 'some.key')
s.get('https://some.site.com')
The last statement returns:
requests.exceptions.SSLError: HTTPSConnectionPool(host='some.site.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)')))
With curl:
curl --cacert ca-own.crt --key some.key --cert some.crt https://some.site.com
it returns normal HTML.
How do I make a Python requests.Session send the correct certificates to the endpoint?
P.S. The same thing happens if I add the following:
s.verify = 'some.crt'
or
cat some.crt ca-own.crt > res.crt
s.verify = 'res.crt'
P.P.S.
cat some.crt some.key > res.pem
s.cert = "res.pem"
requests.exceptions.SSLError: HTTPSConnectionPool(host='some.site.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)')))
cat ca-own.crt some.crt some.key > res.pem
s.cert = "res.pem"
requests.exceptions.SSLError: HTTPSConnectionPool(host='some.site.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(116, '[X509: KEY_VALUES_MISMATCH] key values mismatch (_ssl.c:4067)')))
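If you put
verify=False
into the GET request, the code above will work, but this is not an ideal approach from a security standpoint (man-in-the-middle attacks), so you need to add the CA certificate (the issuer's certificate) file to the verify parameter. More information here.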
session = requests.Session()
session.verify = "/path/to/issuer's certificate"  # CA certificate
session.get('https://some.site.com')
You can try this:
with requests.Session() as session:
    session.verify = "your CA cert"
    response = session.get(url, cert=('path of client cert','path of client key'))
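The answers above separate two roles: `verify` is the trust bundle used to validate the server, while `cert` is the client's own certificate and key. The following is an added example, not code from any of the posts: a heuristic check of the PEM text handed to each setting, relying on the fact that OpenSSL treats the first certificate in the `cert` file as the client's own, which is consistent with the KEY_VALUES_MISMATCH reported in the question when ca-own.crt is concatenated first. The names `pem_blocks`, `check_tls_files` and `make_pem` are hypothetical, and the PEM bodies are constructed placeholders, not real certificates.

```python
import re

# One PEM block: captures the label (e.g. CERTIFICATE) and the base64 body.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, body with whitespace removed), ...] in file order."""
    return [(label, "".join(body.split())) for label, body in PEM_BLOCK.findall(text)]

def check_tls_files(verify_pem, cert_pem, key_pem=""):
    """Heuristic role check; returns a list of problems (empty = nothing suspicious)."""
    problems = []
    trust, ident = pem_blocks(verify_pem), pem_blocks(cert_pem)
    trust_certs = [b for l, b in trust if l == "CERTIFICATE"]
    ident_certs = [b for l, b in ident if l == "CERTIFICATE"]
    keys = [b for l, b in ident + pem_blocks(key_pem) if l.endswith("PRIVATE KEY")]
    if any(l.endswith("PRIVATE KEY") for l, _ in trust):
        problems.append("verify bundle contains a private key")
    if not trust_certs:
        problems.append("verify bundle contains no certificate")
    if len(keys) != 1:
        problems.append(f"expected exactly one client private key, found {len(keys)}")
    if ident_certs:
        leaf = ident_certs[0]  # first certificate is taken as the client's own
        if leaf in trust_certs and any(c not in trust_certs for c in ident_certs[1:]):
            problems.append("cert file starts with a CA certificate; "
                            "the client certificate must come first")
        elif set(trust_certs) == {leaf}:
            problems.append("verify bundle holds only the client certificate, not a CA")
    else:
        problems.append("cert file contains no certificate")
    return problems

def make_pem(label, body):
    """Build a PEM-shaped block around a placeholder body (constructed sample data)."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed stand-ins for ca-own.crt, some.crt and some.key from the question.
CA = make_pem("CERTIFICATE", "Q0EtY2VydA==")
CLIENT = make_pem("CERTIFICATE", "Y2xpZW50LWNlcnQ=")
KEY = make_pem("PRIVATE KEY", "Y2xpZW50LWtleQ==")

if __name__ == "__main__":
    print(check_tls_files(CA, CLIENT, KEY))          # separate cert and key files
    print(check_tls_files(CA, CA + CLIENT + KEY))    # cat ca-own.crt some.crt some.key
    print(check_tls_files(CLIENT, CLIENT, KEY))      # s.verify = 'some.crt'
```

The check only compares PEM labels and block contents; it does not parse the certificates or validate any chain, so a clean result does not guarantee that the server's issuer is in the trust bundle.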