python的requests使用 certifi package's certificate管理证书
出现 requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
certifi 使用pem证书,
PEM - Privacy Enhanced Mail,打开看文本格式,以"-----BEGIN..."开头, "-----END..."结尾,内容是BASE64编码.
查看PEM格式证书的信息:openssl x509 -in certificate.pem -text -noout
DER - Distinguished Encoding Rules,打开看是二进制格式,不可读.
查看DER格式证书的信息:openssl x509 -in certificate.der -inform der -text -noout
der转为pem
openssl x509 -inform der -in certificate.cer -out certificate.pem
python 2.7的ca证书位置/usr/local/lib/python2.7/dist-packages/certifi/cacert.pem
使用如下证书可以将ca证书导入
-
import certifi
-
import requests
-
-
try:
-
print('Checking connection to Slack...')
-
test = requests.get('')
-
print('Connection to Slack OK.')
-
except requests.exceptions.SSLError as err:
-
print('SSL Error. Adding custom certs to Certifi store...')
-
cafile = certifi.where()
-
with open('/software/pki/ca.crt', 'rb') as infile:
-
customca = infile.read()
-
with open(cafile, 'ab') as outfile:
-
outfile.write(customca)
-
print('That might have worked.')
-
-
# Actual app logic here, hopefully without SSL issues.
也可以指定REQUESTS_CA_BUNDLE
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
或者代码
-
os.environ['REQUESTS_CA_BUNDLE'] = os.path.join(
-
'/etc/ssl/certs/',
-
'ca-certificates.crt')
出现hostname 'kennethreitz.com' doesn't match either of '*.herokuapp.com',
把verify=False
-
import requests
-
headers = {'Content-type': 'application/json', 'Accept': 'text/json'}
-
r = requests.post('',
-
cert=('/software/pki/client.crt', '/software/pki/client.key'), verify=False,
-
headers=headers)
-
print r.status_code
-
print r.json()
阅读(29343) | 评论(0) | 转发(0) |