问题
my code was working before until i got this error whenever i make SOAP requests to Frontierlink Web Service.
File "/home/venv/lib/python2.7/site-packages/OpenSSL/_util.py", line 54, in exception_from_error_queue
raise exception_type(errors)
OpenSSL.SSL.Error: [('SSL routines', 'SSL_CTX_use_certificate', 'ca md too weak')]
Do i need to regenerate the pem file that im using to connect or the issue is on the .p12 file that i have used to generate the pem file?
Let me know if you need more info on my issue.
Notes:
OpenSSL Version that im using is : OpenSSL 1.0.2k-fips
Thank you in advance!
回答1:
The error message you are getting indicates that the certificate you are using is signed with an md5
hash.
Since OpenSSL 1.1.0 this method of signing is no longer valid and a stronger hash must be used.
You may need to regenerate the certificate and use a stronger hash to sign, for example SHA1
.
Judging from the forum post at OpenSSL Users this problem may be occuring now because the service you are attempting to connect to has upgraded their version of OpenSSL and it is now rejecting your certificate.
来源:https://stackoverflow.com/questions/52218876/how-to-fix-ssl-issue-ssl-ctx-use-certificate-ca-md-too-weak-on-python-zeep