如何解决ssl.SSLCertVerificationError:证书验证失败:无法获取本地颁发者证书 (_ssl.c:1108)
我用下面的代码实现了单向认证,文件ca.crt
是服务器生成的
import ssl
import urllib.request
CERT_CA = './ca.crt'
context = ssl.SSLContext(ssl.PROTOCOL_TLS)
context.check_hostname = False
context.load_verify_locations(CERT_CA)
context.verify_mode = ssl.CERT_REQUIRED
server_api = 'https://xxxxxxxx'
request = urllib.request.Request(server_api,method='GET')
resp = urllib.request.urlopen(request,context=context)
但得到异常:
Traceback (most recent call last):
File "/usr/local/lib/python3.8/urllib/request.py",line 1319,in do_open
h.request(req.get_method(),req.selector,req.data,headers,File "/usr/local/lib/python3.8/http/client.py",line 1230,in request
self._send_request(method,url,body,encode_chunked)
File "/usr/local/lib/python3.8/http/client.py",line 1276,in _send_request
self.endheaders(body,encode_chunked=encode_chunked)
File "/usr/local/lib/python3.8/http/client.py",line 1225,in endheaders
self._send_output(message_body,line 1004,in _send_output
self.send(msg)
File "/usr/local/lib/python3.8/http/client.py",line 944,in send
self.connect()
File "/usr/local/lib/python3.8/http/client.py",line 1399,in connect
self.sock = self._context.wrap_socket(self.sock,File "/usr/local/lib/python3.8/ssl.py",line 500,in wrap_socket
return self.sslsocket_class._create(
File "/usr/local/lib/python3.8/ssl.py",line 1040,in _create
self.do_handshake()
File "/usr/local/lib/python3.8/ssl.py",line 1309,in do_handshake
self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)
During handling of the above exception,another exception occurred:
Traceback (most recent call last):
File "tst.py",line 20,in <module>
resp = urllib.request.urlopen(request,context=context)
File "/usr/local/lib/python3.8/urllib/request.py",line 222,in urlopen
return opener.open(url,data,timeout)
File "/usr/local/lib/python3.8/urllib/request.py",line 525,in open
response = self._open(req,data)
File "/usr/local/lib/python3.8/urllib/request.py",line 542,in _open
result = self._call_chain(self.handle_open,protocol,protocol +
File "/usr/local/lib/python3.8/urllib/request.py",line 502,in _call_chain
result = func(*args)
File "/usr/local/lib/python3.8/urllib/request.py",line 1362,in https_open
return self.do_open(http.client.HTTPSConnection,req,File "/usr/local/lib/python3.8/urllib/request.py",line 1322,in do_open
raise URLError(err)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1108)>
certifi
==2020.6.20 和 urllib3
==1.25.10
我该如何解决这个问题,请求需要身份验证,所以请不要使用像verify=False
这样的东西。
非常感谢
问题解决了,因为我使用了错误的服务器主机地址。 以上代码适用于单向身份验证情况。
解决方法
通过使用我从网络管理员那里请求的 ca-bundle,我已经能够解决这个问题。这被映射到 REQUESTS_CA_BUNDLE
环境变量:
# .bashrc
export REQUESTS_CA_BUNDLE=/path/to/cacert.pem
重新启动您的终端并再次尝试pip install
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。