我得到以下错误:
Exception in thread Thread-3:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 810, in __bootstrap_inner
self.run()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 763, in run
self.__target(*self.__args, **self.__kwargs)
File "/Users/Matthew/Desktop/Skypebot 2.0/bot.py", line 271, in process
info = urllib2.urlopen(req).read()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1240, in https_open
context=self._context)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1197, in do_open
raise URLError(err)
URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>
下面是导致这个错误的代码:
if input.startswith("!web"):
input = input.replace("!web ", "")
url = "https://domainsearch.p.mashape.com/index.php?name=" + input
req = urllib2.Request(url, headers={ 'X-Mashape-Key': 'XXXXXXXXXXXXXXXXXXXX' })
info = urllib2.urlopen(req).read()
Message.Chat.SendMessage ("" + info)
我正在使用的API要求我使用HTTPS。我怎样才能让它绕过验证呢?
如果只想绕过验证,可以创建一个新的SSLContext。默认情况下,新创建的上下文使用CERT_NONE。
如17.3.7.2.1节所述,请注意这一点
当直接调用SSLContext构造函数时,CERT_NONE是默认值。由于它不验证另一个对等体,因此它可能是不安全的,特别是在客户端模式下,大多数时候您希望确保与之通信的服务器的真实性。因此,在客户端模式下,强烈建议使用CERT_REQUIRED。
但如果你只是想让它现在工作,你可以做以下事情,你也必须导入ssl:
input = input.replace("!web ", "")
url = "https://domainsearch.p.mashape.com/index.php?name=" + input
req = urllib2.Request(url, headers={ 'X-Mashape-Key': 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' })
gcontext = ssl.SSLContext() # Only for gangstars
info = urllib2.urlopen(req, context=gcontext).read()
Message.Chat.SendMessage ("" + info)
这应该可以解决您的问题,但您并没有真正解决任何问题,但您不会看到[SSL: CERTIFICATE_VERIFY_FAILED],因为您现在没有验证证书!
为了补充以上内容,如果您想了解更多关于为什么会遇到这些问题的信息,请参阅PEP 476。
这个PEP建议在默认情况下启用X509证书签名的验证,以及Python的HTTP客户端的主机名验证,并在每次调用的基础上选择退出。此更改将应用于Python 2.7、Python 3.4和Python 3.5。
有一个建议选择退出,这与我上面的建议没有什么不同:
import ssl
# This restores the same behavior as before.
context = ssl._create_unverified_context()
urllib.urlopen("https://no-valid-cert", context=context)
它还提供了一个非常不推荐的monkeypatching选项,这在python中并不常见:
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
它用创建未经验证的上下文的函数覆盖用于创建上下文的默认函数。
请注意PEP中所述:
This guidance is aimed primarily at system administrators that wish to adopt newer versions of Python that implement this PEP in legacy environments that do not yet support certificate verification on HTTPS connections. For example, an administrator may opt out by adding the monkeypatch above to sitecustomize.py in their Standard Operating Environment for Python. Applications and libraries SHOULD NOT be making this change process wide (except perhaps in response to a system administrator controlled configuration setting).
如果你想读一篇关于为什么不验证证书是不好的软件的论文,你可以在这里找到它!
这不是您特定问题的解决方案,但我把它放在这里是因为这个线程是“SSL: CERTIFICATE_VERIFY_FAILED”的顶部谷歌结果,它导致我在一个徒劳的追逐。
If you have installed Python 3.6 on OSX and are getting the "SSL: CERTIFICATE_VERIFY_FAILED" error when trying to connect to an https:// site, it's probably because Python 3.6 on OSX has no certificates at all, and can't validate any SSL connections. This is a change for 3.6 on OSX, and requires a post-install step, which installs the certifi package of certificates. This is documented in the file ReadMe.rtf, which you can find at /Applications/Python\ 3.6/ReadMe.rtf (see also the file Conclusion.rtf, and the script build-installer.py that generates the macOS installer).
ReadMe会让你运行安装后的脚本
/Applications/Python\ 3.10/Install\ Certificates.command(终端应用程序,这个命令应该单独解决问题。请确保使用当前的subversion更新文件路径。)
(它的源是install_certificates.command),其中:
首先安装Python包certifi,然后
然后创建一个从OpenSSL证书文件到包certificate安装的证书文件的符号链接。
发布说明有更多信息:https://www.python.org/downloads/release/python-360/
在较新的Python版本中,有更多关于此的文档:
https://github.com/python/cpython/blob/e05a703848473b0365886dcc593cbddc46609f29/Mac/BuildScript/resources/ReadMe.rtf#L22-L34
https://github.com/python/cpython/blob/e05a703848473b0365886dcc593cbddc46609f29/Mac/BuildScript/resources/Conclusion.rtf#L15-L19
https://github.com/python/cpython/blob/e05a703848473b0365886dcc593cbddc46609f29/Mac/BuildScript/resources/Welcome.rtf#L23-L25
https://github.com/python/cpython/blob/e05a703848473b0365886dcc593cbddc46609f29/Mac/BuildScript/resources/install_certificates.command
https://github.com/python/cpython/blob/e05a703848473b0365886dcc593cbddc46609f29/Mac/BuildScript/README.rst
https://github.com/python/cpython/blob/e05a703848473b0365886dcc593cbddc46609f29/Mac/BuildScript/build-installer.py#L239-L246
