I'm working on a simple script that involves CAS, jspring security check, redirection, etc. I would like to use Kenneth Reitz's python requests because it's a great piec
I encountered the same issue, and an SSL certificate verify failed issue, when using AWS boto3. By reviewing the boto3 code, I found that REQUESTS_CA_BUNDLE is not set, so I fixed both issues by setting it manually:
from boto3.session import Session
import os
# debian
os.environ['REQUESTS_CA_BUNDLE'] = os.path.join(
'/etc/ssl/certs/',
'ca-certificates.crt')
# centos
# 'ca-bundle.crt')
For aws-cli, I guess setting REQUESTS_CA_BUNDLE in ~/.bashrc will fix this issue (not tested because my aws-cli works without it).
REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt # ca-bundle.crt
export REQUESTS_CA_BUNDLE
There is currently an issue in the requests module causing this error, present in v2.6.2 to v2.12.4 (ATOW): https://github.com/kennethreitz/requests/issues/2573
The workaround for this issue is adding the following line: requests.packages.urllib3.util.ssl_.DEFAULT_CIPHERS = 'ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS'
You can pass the name of the CA file to use via verify:
import requests
cafile = 'cacert.pem' # http://curl.haxx.se/ca/cacert.pem
r = requests.get(url, verify=cafile) # url: the HTTPS address being requested
If you use verify=True then requests uses its own CA set that might not have the CA that signed your server certificate.
I had to upgrade from Python 3.4.0 to 3.4.6:
pyenv virtualenv 3.4.6 myvenv
pyenv activate myvenv
pip install -r requirements.txt
I fought this problem for HOURS.
I tried to update requests. Then I updated certifi. I pointed verify to certifi.where() (The code does this by default anyways). Nothing worked.
Finally I updated my version of python to python 2.7.11. I was on Python 2.7.5 which had some incompatibilities with the way that the certificates are verified. Once I updated Python (and a handful of other dependencies) it started working.
I have found a specific approach for solving a similar issue. The idea is to point to the cacert file stored on the system and used by other SSL-based applications.
In Debian (I'm not sure if it is the same in other distributions) the certificate files (.pem) are stored at /etc/ssl/certs/
So, this is the code that works for me:
import requests
verify='/etc/ssl/certs/cacert.org.pem'
response = requests.get('https://lists.cacert.org', verify=verify)
To guess which pem file to choose, I browsed to the URL and checked which Certificate Authority (CA) generated the certificate.
EDIT: if you cannot edit the code (because you are running a third-party app) you can try to add the pem certificate directly into /usr/local/lib/python2.7/dist-packages/requests/cacert.pem (e.g. copying it to the end of the file).
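Added example (not part of any answer above, and not code from requests or boto3): instead of appending a CA to the cacert.pem that ships inside the requests package, this builds a separate combined bundle that REQUESTS_CA_BUNDLE can point to, so verification stays on and a package upgrade cannot drop the extra CA. The function names, file names and the fake_pem sample data are assumptions made for the illustration; only PEM framing and base64 are checked, not X.509 validity.

```python
import base64
import hashlib
import os
import re
import tempfile

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def pem_blocks(text):
    """Yield (sha256 of DER, PEM text) per block; checks framing and base64 only."""
    for m in PEM_BLOCK.finditer(text):
        der = base64.b64decode("".join(m.group(1).split()), validate=True)
        yield hashlib.sha256(der).hexdigest(), m.group(0)


def build_bundle(base_path, extra_paths, out_path):
    """Write base bundle plus extra CA certs to out_path, deduplicated.
    The base file is only read. Returns the number of certs written."""
    seen, kept = set(), []
    for path in [base_path, *extra_paths]:
        with open(path, encoding="utf-8") as fh:
            blocks = list(pem_blocks(fh.read()))
        if not blocks:
            raise ValueError("no PEM certificate found in " + path)
        for digest, pem in blocks:
            if digest not in seen:  # same certificate already kept
                seen.add(digest)
                kept.append(pem)
    with open(out_path, "w", encoding="ascii") as fh:
        fh.write("\n".join(kept) + "\n")
    return len(kept)


def fake_pem(payload):
    """Constructed sample data: valid PEM framing, not a real X.509 cert."""
    body = base64.encodebytes(payload).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        base, extra, out = (os.path.join(tmp, n) for n in ("b.pem", "ca.pem", "all.pem"))
        for p, data in ((base, [b"root-1", b"root-2"]), (extra, [b"root-2", b"internal-ca"])):
            with open(p, "w") as fh:
                fh.write("".join(fake_pem(d) for d in data))
        print(build_bundle(base, [extra], out), "certificates written")
    # With real files: write out_path somewhere persistent, then set REQUESTS_CA_BUNDLE to it.
```

With real inputs, base_path would be the distribution bundle (for example /etc/ssl/certs/ca-certificates.crt on Debian) and extra_paths the PEM file of the CA that signed the server certificate.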