问题
How do I have python httplib accept untrusted certs? I created a snake oil/self signed cert on my webserver, and my python client fails to connect as I am using a untrusted cert.
I'd rather problematically fix this in my client code rather than have it trusted on my system.
import httplib
def main():
conn = httplib.HTTPSConnection("127.0.0.1:443")
conn.request("HEAD","/")
res = conn.getresponse()
print res.status, res.reason
data = res.read()
print len(data)
if __name__ == "__main__":
main()
回答1:
Some of my scripts stopped working after updating my computer. Turns out, this was the problem: https://docs.python.org/2/library/httplib.html#httplib.HTTPSConnection
Changed in version 2.7.9: context was added.
This class now performs all the necessary certificate and hostname checks by default. To revert to the previous, unverified, behavior ssl._create_unverified_context() can be passed to the context parameter.
So if your version of Python is >= 2.7.9 (2.7.10 in my case), you'll likely run into this. To fix it, I updated my call:
httplib.HTTPSConnection(hostname, timeout=5, context=ssl._create_unverified_context())
This is likely the simplest change to retain the same behavior.
回答2:
From inspecting the Python 2.7.14 source code, you may set an environment variable
PYTHONHTTPSVERIFY=0
and this will cause certificate verification to be disabled by default (this will apply to all requests from your program).
I believe this works from 2.7.12+ - but it does not apply to 3.x.
Ref. PEP 493: Verify HTTPS by default, but allow envvar to override that
来源:https://stackoverflow.com/questions/5319430/how-do-i-have-python-httplib-accept-untrusted-certs