
Python Requests fails SSL certificate verification even after adding the CA certificate

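I have been using the Python Requests library to scrape a website for some time, but the site recently changed its SSL certificate, and the new certificate will not validate with requests.

Following the answers to similar questions, I have updated requests and urllib3 to the latest versions (2.4.3 and 1.9.1) and manually added the CA certificate to requests' cacert.pem (/usr/local/lib/python2.7/dist-packages/requests/cacert.pem).

I can successfully use this cacert.pem file with curl, but still not with requests: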

> curl --head --cacert /usr/local/lib/python2.7/dist-packages/requests/cacert.pem https://jordan-cu.org

HTTP/1.1 200 OK
Date: Thu, 20 Nov 2014 16:21:28 GMT
Server: Apache
X-Pingback: https://jordan-cu.org/xmlrpc.php
Link: <https://jordan-cu.org/>; rel=shortlink
X-Powered-By: PleskLin
Content-Type: text/html; charset=UTF-8

> python
Python 2.7.4 (default, Sep 26 2013, 03:20:26)
[GCC 4.7.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> requests.get('https://jordan-cu.org')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 60, in get
    return request('get', url, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 49, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 457, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 569, in send
    r = adapter.send(request, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 420, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [Errno 1] _ssl.c:504: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

I'm not sure what else to try at this point. Any help is appreciated!

3 Answers

  • 5

    You need to install pyopenssl and ndg-httpsclient.

    For details, see "using requests with TLS doesn't give SNI support".

  • 1

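    Python2 does not support SNI, and requests does not help in this regard; see http://docs.python-requests.org/en/latest/community/faq/. However, the server returns a self-signed certificate if it is accessed without SNI: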

    $ openssl s_client -connect jordan-cu.org:443 | openssl x509 -text -noout
    ...
    Issuer: C=US, ST=Virginia, L=Herndon, O=Parallels, OU=Parallels Panel, CN=Parallels Panel/emailAddress=info@parallels.com
    ...
    Subject: C=US, ST=Virginia, L=Herndon, O=Parallels, OU=Parallels Panel, CN=Parallels Panel/emailAddress=info@parallels.com
    

    If one accesses the server with SNI, it returns a certificate signed by a public CA:

    $ openssl s_client -connect jordan-cu.org:443 -servername jordan-cu.org | openssl x509 -text -noout
    ...
    Issuer: C=US, O=GeoTrust, Inc., CN=RapidSSL CA
    ...
    Subject: ... CN=*.jordan-cu.org
    

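    Because Python2 makes the TLS connection without SNI, you get the self-signed certificate, which of course cannot be verified against cacert.pem, and so you get certificate verify failed.

    Fix: upgrade to Python3, which supports SNI.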
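
The difference described in this answer can be checked from Python 3 by handshaking once without SNI and once with it, then comparing which certificate comes back and whether it validates. This is an added example, not code from the original answer; the function names `probe` and `diagnose` and the result labels are assumptions made for illustration.

```python
import hashlib
import socket
import ssl
import sys


def _leaf_der(host, port, sni, ctx):
    """Complete one TLS handshake and return the server's leaf certificate (DER)."""
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            return tls.getpeercert(binary_form=True)


def probe(host, port=443, sni=None, cafile=None):
    """Record which certificate is served and whether it validates.

    sni=None sends no server_name extension, which is what the Python 2.7.4
    client in the question does. cafile=None uses the system trust store.
    """
    unverified = ssl.create_default_context()
    unverified.check_hostname = False
    unverified.verify_mode = ssl.CERT_NONE  # used only to read the certificate
    der = _leaf_der(host, port, sni, unverified)
    result = {"sha256": hashlib.sha256(der).hexdigest(), "ok": True, "error": None}

    verified = ssl.create_default_context(cafile=cafile)
    verified.check_hostname = sni is not None  # name check needs server_hostname
    try:
        _leaf_der(host, port, sni, verified)
    except ssl.SSLCertVerificationError as exc:
        result.update(ok=False, error=exc.verify_message)
    return result


def diagnose(no_sni, with_sni):
    """Classify a pair of probe() results (labels are illustrative)."""
    if with_sni["ok"] and no_sni["ok"]:
        return "ok"
    if with_sni["ok"] and no_sni["sha256"] != with_sni["sha256"]:
        return "sni-required"      # default vhost serves a different, untrusted cert
    if not with_sni["ok"] and not no_sni["ok"]:
        return "untrusted-chain"   # CA bundle or served chain is the problem
    return "other"


if __name__ == "__main__":
    host = sys.argv[1]             # hostname to check, supplied by the caller
    a, b = probe(host), probe(host, sni=host)
    print("no SNI  :", a)
    print("with SNI:", b)
    print("result  :", diagnose(a, b))
```

A result of `sni-required` matches the situation in this answer; `untrusted-chain` points instead at the CA file or the chain the server sends.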

  • 0

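    You need to create a PEM file with the whole certificate chain: your certificate, the intermediate certificate, the root certificate.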
