“SSL: CERTIFICATE_VERIFY_FAILED”错误

我得到以下错误:

Exception in thread Thread-3:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 810, in        __bootstrap_inner
self.run()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 763, in  run
self.__target(*self.__args, **self.__kwargs)
File "/Users/Matthew/Desktop/Skypebot 2.0/bot.py", line 271, in process
info = urllib2.urlopen(req).read()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1240, in https_open
context=self._context)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1197, in do_open
raise URLError(err)
URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>

下面是导致这个错误的代码:

if input.startswith("!web"):
    input = input.replace("!web ", "")      
    url = "https://domainsearch.p.mashape.com/index.php?name=" + input
    req = urllib2.Request(url, headers={ 'X-Mashape-Key': 'XXXXXXXXXXXXXXXXXXXX' })
    info = urllib2.urlopen(req).read()
    Message.Chat.SendMessage ("" + info)

我正在使用的API要求我使用HTTPS。我怎样才能让它绕过验证呢?

当前回答

Amazon EC2上的Python 2.7，附带centOS 7

我必须设置env变量SSL_CERT_DIR指向我的ca-bundle，它位于/etc/ssl/certs/ca-bundle.crt

2018-05-18 22:40:41

其他回答

这不是您特定问题的解决方案，但我把它放在这里是因为这个线程是“SSL: CERTIFICATE_VERIFY_FAILED”的顶部谷歌结果，它导致我在一个徒劳的追逐。

If you have installed Python 3.6 on OSX and are getting the "SSL: CERTIFICATE_VERIFY_FAILED" error when trying to connect to an https:// site, it's probably because Python 3.6 on OSX has no certificates at all, and can't validate any SSL connections. This is a change for 3.6 on OSX, and requires a post-install step, which installs the certifi package of certificates. This is documented in the file ReadMe.rtf, which you can find at /Applications/Python\ 3.6/ReadMe.rtf (see also the file Conclusion.rtf, and the script build-installer.py that generates the macOS installer).

ReadMe会让你运行安装后的脚本

/Applications/Python\ 3.10/Install\ Certificates.command(终端应用程序，这个命令应该单独解决问题。请确保使用当前的subversion更新文件路径。)

(它的源是install_certificates.command)，其中:

首先安装Python包certifi，然后然后创建一个从OpenSSL证书文件到包certificate安装的证书文件的符号链接。

发布说明有更多信息:https://www.python.org/downloads/release/python-360/

在较新的Python版本中，有更多关于此的文档:

https://github.com/python/cpython/blob/e05a703848473b0365886dcc593cbddc46609f29/Mac/BuildScript/resources/ReadMe.rtf#L22-L34 https://github.com/python/cpython/blob/e05a703848473b0365886dcc593cbddc46609f29/Mac/BuildScript/resources/Conclusion.rtf#L15-L19 https://github.com/python/cpython/blob/e05a703848473b0365886dcc593cbddc46609f29/Mac/BuildScript/resources/Welcome.rtf#L23-L25 https://github.com/python/cpython/blob/e05a703848473b0365886dcc593cbddc46609f29/Mac/BuildScript/resources/install_certificates.command https://github.com/python/cpython/blob/e05a703848473b0365886dcc593cbddc46609f29/Mac/BuildScript/README.rst https://github.com/python/cpython/blob/e05a703848473b0365886dcc593cbddc46609f29/Mac/BuildScript/build-installer.py#L239-L246

2017-02-19 23:49:46

在Windows上，Python不会查看系统证书，它使用自己的位于?\lib\site-packages\certifi\cacert.pem的证书。

问题的解决方案:

下载“*”格式的域验证证书。CRT或*pem文件在编辑器中打开文件并将其内容复制到剪贴板找到你的cacert。Pem位置:来自请求。导入DEFAULT_CA_BUNDLE_PATH;打印(DEFAULT_CA_BUNDLE_PATH) 编辑cacert。Pem文件，并将您的域验证证书粘贴在文件的末尾。保存文件并享受请求!

2015-08-10 08:39:44

在python 2.7中，在文件C:\Python27\lib\site-packages\certifi\cacert中添加受信任根CA的详细信息。pem帮助

之后我运行(使用管理员权限) pip install——truste- host pypi.python.org——truste- host pypi.org——truste- host files.pythonhosted.org packageName

2018-08-28 05:54:39

I was getting the same error, and also went on a wild goose chase for quite a while before I gave up and started trying things on my own. I eventually figured it out, so I thought I'd share. In my case, I am running Python 2.7.10 (due to reasons beyond my control) on Linux, don't have access to the requests module, can't install certificates globally at the OS or Python level, can't set any environment variables, and need to access a specific internal site that uses internally issued certificates.

注意:禁用SSL验证从来不是一个选项。我正在下载一个脚本，它可以立即以根用户的身份运行。没有SSL验证，任何web服务器都可以假装是我的目标主机，而我只是接受他们给我的任何东西，并以root身份运行它!

我将根证书和中间证书(可能不止一个)以pem格式保存到一个文件中，然后使用以下代码:

import ssl,urllib2
data = urllib2.build_opener(urllib2.HTTPSHandler(context=ssl.create_default_context(cafile='/path/to/ca-cert-chain.pem')), urllib2.ProxyHandler({})).open('https://your-site.com/somefile').read()
print(data)

注意，我在那里添加了urllib2.ProxyHandler({})。这是因为在我们的环境中，代理是默认设置的，但它们只能访问外部站点，不能访问内部站点。如果没有代理绕过，我就无法访问内部站点。如果你没有这个问题，你可以简化如下:

data = urllib2.build_opener(urllib2.HTTPSHandler(context=ssl.create_default_context(cafile='/path/to/ca-cert-chain.pem'))).open('https://your-site.com/somefile').read()

工作起来很有魅力，而且不会危及安全。

享受吧!

2021-09-03 01:12:51

对于Centos 6/7、Fedora上的Python 3.4+，只需按如下方式安装受信任CA:

拷贝CA.crt到/etc/pki/ca-trust/source/anchors/ update-ca-trust force-enable update-ca-trust提取

2016-05-05 14:57:42

“SSL: CERTIFICATE_VERIFY_FAILED”错误

推荐文章

最新文章

标签