问题
I'm using requests to communicate with remote server over https. At the moment I'm not verifying SSL certificate and I'd like to fix that.
Within requests documentation, I've found that:
You can pass verify the path to a CA_BUNDLE file with certificates of trusted CAs. This list of trusted CAs can also be specified through the REQUESTS_CA_BUNDLE environment variable.
I don't want to use system's certs, but to generate my own store.
So far I'm grabbing server certificate with ssl.get_server_certificate(addr), but I don't know how to create my own store and add it there.
回答1:
This is actually trivial... CA_BUNDLE can be any file that you append certificates to, so you can simply append the output of ssl.get_server_certificate() to that file and it works.
来源:https://stackoverflow.com/questions/31369633/adding-server-certificates-to-ca-bundle-in-python