“SSL: CERTIFICATE_VERIFY_FAILED”错误

我得到以下错误:

Exception in thread Thread-3:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 810, in        __bootstrap_inner
self.run()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 763, in  run
self.__target(*self.__args, **self.__kwargs)
File "/Users/Matthew/Desktop/Skypebot 2.0/bot.py", line 271, in process
info = urllib2.urlopen(req).read()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1240, in https_open
context=self._context)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1197, in do_open
raise URLError(err)
URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>

下面是导致这个错误的代码:

if input.startswith("!web"):
    input = input.replace("!web ", "")      
    url = "https://domainsearch.p.mashape.com/index.php?name=" + input
    req = urllib2.Request(url, headers={ 'X-Mashape-Key': 'XXXXXXXXXXXXXXXXXXXX' })
    info = urllib2.urlopen(req).read()
    Message.Chat.SendMessage ("" + info)

我正在使用的API要求我使用HTTPS。我怎样才能让它绕过验证呢?

当前回答

Amazon EC2上的Python 2.7，附带centOS 7

我必须设置env变量SSL_CERT_DIR指向我的ca-bundle，它位于/etc/ssl/certs/ca-bundle.crt

2018-05-18 22:40:41

其他回答

我认为你有几种方法可以解决这个问题。我提到了以下5种方法:

你可以为每个请求定义上下文，并在每个请求上传递上下文，如下所示:

import certifi
import ssl
import urllib
context = ssl.create_default_context(cafile=certifi.where())
result = urllib.request.urlopen('https://www.example.com', context=context)

或在环境中设置证书文件。

import os
import certifi
import urllib
os.environ["REQUESTS_CA_BUNDLE"] = certifi.where()
os.environ["SSL_CERT_FILE"] = certifi.where()
result = urllib.request.urlopen('https://www.example.com')

创建默认的https上下文方法:

import certifi
import ssl
ssl._create_default_https_context = lambda: ssl.create_default_context(cafile=certifi.where())
result = urllib.request.urlopen('https://www.example.com')

如果您使用Linux机器，生成新的证书并导出指向证书目录的环境变量，则可以修复该问题。

$ sudo update-ca-certificates --fresh
$ export SSL_CERT_DIR=/etc/ssl/certs

或如果您使用Mac机器，生成新的证书

$ cd "/Applications/$(python3 --version | awk '{print $2}'| awk  -F. '{print "Python " $1"."$2}')"
$ sudo "./Install Certificates.command"

2022-08-07 18:48:26

对于Centos 6/7、Fedora上的Python 3.4+，只需按如下方式安装受信任CA:

拷贝CA.crt到/etc/pki/ca-trust/source/anchors/ update-ca-trust force-enable update-ca-trust提取

2016-05-05 14:57:42

我在这里找到了这个

我找到了这个解决方案，在你的源文件开始插入这段代码:

import ssl

try:
   _create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
    # Legacy Python that doesn't verify HTTPS certificates by default
    pass
else:
    # Handle target environment that doesn't support HTTPS verification
    ssl._create_default_https_context = _create_unverified_https_context

这段代码将撤销验证，这样就不会验证ssl证书。

2019-03-24 05:22:20

如果你有私人证书要处理，比如你的组织自己的CA根和链的中间部分，那么最好将证书添加到CA文件中，即cacert。pem，而不是绕过整个安全设备(verify=False)。下面的代码让你在2.7+和3+

考虑添加整个证书链，当然您只需要这样做一次。

import certifi

cafile=certifi.where() # cacert file
with open ('rootca.pem','rb') as infile:
    customca=infile.read()
    with open(cafile,'ab') as outfile:
        outfile.write(customca)
with open ('interca.pem','rb') as infile:
    customca=infile.read()
    with open(cafile,'ab') as outfile:
        outfile.write(customca)
with open ('issueca.pem','rb') as infile:
    customca=infile.read()
    with open(cafile,'ab') as outfile:
        outfile.write(customca)

那这个应该能让你振作起来

import requests
response = requests.request("GET", 'https://yoursecuresite.com',  data = {})
print(response.text.encode('utf8'))

希望这能有所帮助

2020-06-13 09:49:08

我在我的一台Linux机器上遇到了类似的问题。生成新的证书并导出指向证书目录的环境变量，为我修复了它:

$ sudo update-ca-certificates --fresh
$ export SSL_CERT_DIR=/etc/ssl/certs

2019-09-12 15:34:03

“SSL: CERTIFICATE_VERIFY_FAILED”错误

推荐文章

最新文章

标签