“SSL: CERTIFICATE_VERIFY_FAILED”错误

我得到以下错误:

Exception in thread Thread-3:
Traceback (most recent call last):
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 810, in        __bootstrap_inner
self.run()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 763, in  run
self.__target(*self.__args, **self.__kwargs)
File "/Users/Matthew/Desktop/Skypebot 2.0/bot.py", line 271, in process
info = urllib2.urlopen(req).read()
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1240, in https_open
context=self._context)
File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1197, in do_open
raise URLError(err)
URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:581)>

下面是导致这个错误的代码:

if input.startswith("!web"):
    input = input.replace("!web ", "")      
    url = "https://domainsearch.p.mashape.com/index.php?name=" + input
    req = urllib2.Request(url, headers={ 'X-Mashape-Key': 'XXXXXXXXXXXXXXXXXXXX' })
    info = urllib2.urlopen(req).read()
    Message.Chat.SendMessage ("" + info)

我正在使用的API要求我使用HTTPS。我怎样才能让它绕过验证呢?

当前回答

我也遇到了类似的问题，不过我在Python 3.4、3.5和3.6中使用了urllib.request.urlopen。(这是Python 3中urllib2的一部分，根据Python 2的urllib2文档页面头部的注释。)

我的解决方案是pip install certifi来安装certifi，它有:

．.．一个精心策划的根证书集合，用于验证SSL证书的可信度，同时验证TLS主机的身份。

然后，在我的代码中，我之前只有:

import urllib.request as urlrq

resp = urlrq.urlopen('https://example.com/bar/baz.html')

我将其修改为:

import urllib.request as urlrq
import certifi

resp = urlrq.urlopen('https://example.com/bar/baz.html', cafile=certifi.where())

如果我读取urllib2。Urlopen文档正确，它也有一个cafile参数。所以,urllib2.urlopen([…]， certificate .where())可能也适用于Python 2.7。

更新(2020-01-01):自Python 3.6起，已弃用urlopen的cafile参数，取而代之的应该是指定context参数。我发现以下功能在3.5到3.8版本中同样有效:

import urllib.request as urlrq
import certifi
import ssl

resp = urlrq.urlopen('https://example.com/bar/baz.html', context=ssl.create_default_context(cafile=certifi.where()))

2018-01-07 05:40:54

其他回答

使用pip安装PyOpenSSL对我来说是有效的(没有转换为PEM):

pip install PyOpenSSL

2018-02-15 15:12:04

在python 2.7中，在文件C:\Python27\lib\site-packages\certifi\cacert中添加受信任根CA的详细信息。pem帮助

之后我运行(使用管理员权限) pip install——truste- host pypi.python.org——truste- host pypi.org——truste- host files.pythonhosted.org packageName

2018-08-28 05:54:39

我对Mac OS X的解决方案:

使用从Python语言官方网站https://www.python.org/downloads/下载的本地应用程序Python安装程序升级到Python 3.6.5

我发现这个安装程序在更新新Python的链接和符号链接方面比自制的要好得多。

使用"安装新证书。/Install Certificates.command”，该命令位于刷新后的Python 3.6目录中

cd "/Applications/Python 3.6/"
sudo "./Install Certificates.command"

2018-04-21 07:58:47

如果你在vCenter 6上，你应该将你vCenter的vmware证书颁发机构证书添加到你的操作系统的受信任CA列表中。要下载证书，请执行以下操作

打开Web浏览器。导航到https:// 在右下角单击“下载受信任的根CA”链接

在Fedora

解压缩并将扩展名从.0更改为.cer 将其复制到/etc/pki/ca-trust/source/anchors/ 执行update-ca-trust命令。

链接:

https://virtualizationreview.com/articles/2015/04/02/install-root-self-signed-certificate-vcenter-6.aspx?m=1 http://forums.fedoraforum.org/showthread.php?t=293856

2016-04-25 01:57:53

The SSL: CERTIFICATE_VERIFY_FAILED error could also occur because an Intermediate Certificate is missing in the ca-certificates package on Linux. For example, in my case the intermediate certificate "DigiCert SHA2 Secure Server CA" was missing in the ca-certificates package even though the Firefox browser includes it. You can find out which certificate is missing by directly running the wget command on the URL causing this error. Then you can search for the corresponding link to the CRT file for this certificate from the official website (e.g. https://www.digicert.com/digicert-root-certificates.htm in my case) of the Certificate Authority. Now, to include the certificate that is missing in your case, you may run the below commands using your CRT file download link instead:

wget https://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt

mv DigiCertSHA2SecureServerCA.crt DigiCertSHA2SecureServerCA.der

openssl x509 -inform DER -outform PEM -in DigiCertSHA2SecureServerCA.der -out DigicertSHA2SecureServerCA.pem.crt

sudo mkdir /usr/share/ca-certificates/extra

sudo cp DigicertSHA2SecureServerCA.pem.crt /usr/share/ca-certificates/extra/

sudo dpkg-reconfigure ca-certificates

在此之后，您可以再次使用wget测试URL，也可以使用python urllib包进行测试。详情请参考:https://bugs.launchpad.net/ubuntu/+source/ca-certificates/+bug/1795242

2020-05-22 09:04:57

“SSL: CERTIFICATE_VERIFY_FAILED”错误

推荐文章

最新文章

标签