Python requests throwing SSL errors

前端 未结 1 1032
隐瞒了意图╮
隐瞒了意图╮ 2020-12-10 06:21

This is a followup to SSLError using requests for python:

I have just installed requests on a Mac OSX 10.8.5. My first attempt at doing requests.

相关标签:
1条回答
  • 2020-12-10 07:25

    Notice that you're using HTTPS. As mentioned in the Requests manual

    To check a host’s SSL certificate, you can use the verify argument [...] By default, verify is set to True

    Here are few ways to fix that:

    Update OpenSSL (probably will solve your problem)

    Taken from here:

    If you encounter one of the following errors:

    error:0D0890A1:asn1 encoding routines:ASN1_verify:unknown message digest algorithm
    error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm
    The software you are using might be compiled with a version too old of OpenSSL that does not take certificates signed with sha256WithRSAEncryption into account.
    

    It requires at least OpenSSL 0.9.8o for a total management of SHA256. OpenSSl 0.9.7m only assures a partial management, for server mode only.

    Check your openssl version by

    openssl version
    OpenSSL 1.0.1k-fips 8 Jan 2015
    

    If you have a smaller version than OpenSSL0.9.8o, you have to update its version (OS X):

    brew update
    brew install openssl
    brew link --force openssl
    

    If that doesn't work, try this way:

    brew uninstall openssl
    rm -rf /usr/local/openssl
    brew install openssl
    
    • there's an issue with openssl installed before OS X 10.10.3 and reinstalling it fixes it
    • these command lines will uninstall openssl, remove its folder from your hard-disk and install it again (the updated version)

    Install certifi

    Taken from here

    By default Requests bundles a set of root CAs that it trusts, sourced from the Mozilla trust store. However, these are only updated once for each Requests version. This means that if you pin a Requests version your certificates can become extremely out of date.

    From Requests version 2.4.0 onwards, Requests will attempt to use certificates from certifi if it is present on the system. This allows for users to update their trusted certificates without having to change the code that runs on their system.

    For the sake of security we recommend upgrading certifi frequently!

    In other word, try to install certifi, if you have Request 2.4.0 or newer:

    pip install certifi
    

    Hopefully, this will fix the problem.

    Use different version of OpenSSL and Requests

    Looking into it using Google, I have found that there is a problem with OpenSSL in Python 2:

    • https://github.com/docker/docker-py/issues/465#issuecomment-76520363
    • https://github.com/Homebrew/homebrew/issues/38226
    • https://github.com/docker/compose/issues/1484

    However, I am using Python 2.7.6, Requests 2.2.1 and OpenSSL 1.0.1f 6 Jan 2014 and everything runs correctly.

    Pass the certificate

    In other cases, you may need to tell requests.get the path to the certificate file, if the host's certificate was signed by you.

    requests.get("https://api.github.com/events", verify=True, cert=['/path/to/my/ca.crt'])
    

    Set the verify argument to False (NOT RECOMMENDED!)

    In case you want to avoid the certificate verification, you have to pass verify=False to the request.get method.

    python -c 'import requests; requests.get("https://api.github.com/events", verify=False)'
    

    or from script.py file:

    import requests
    res = requests.get("https://api.github.com/events", verify=False)
    print res
    

    terminal:

    $ python script.py
    <Response [200]>
    

    Important: Very bad idea; You can be MITM attacked, which is a critical security vulnerability.

    0 讨论(0)
提交回复
热议问题