请求：cert 和 verify 有什么区别？

Question

What is the difference between cert and verify?

From Documentation:

verify – (optional) if True, the SSL cert will be verified. A CA_BUNDLE path can also be provided. cert – (optional) if String, path to ssl client cert file (.pem). If Tuple, ('cert', 'key') pair.

Does this mean I can do the following:

CA_BUNDLE='path/to/.pem'
requests.get(url=google.com, verify= CA_BUNDLE)

or

Cert='path/to/.pem'
requests.get(url=google.com, cert=Cert)

They both look like they do the same thing. except verify can disable ssl verification.

I am trying to compile my code to an exe using PYinstaller. I am using certifi module that I see already has a cacert.pem file but I guess I still have to bundle it with my code.

In my code do I modify ...verify or cert?...with a path to cacert.pem or just 'cacert.pem'?

Answer 1

I think it is clearly stated in the documentation: http://www.python-requests.org/en/latest/user/advanced/#ssl-cert-verification

The option cert is to send you own certificate, eg authenticate yourself against the server using a client certificate. It needs a certificate file and if the key is not in the same file as the certificate also the key file.

The option verify is used to enable (default) or disable verification of the servers certificate. It can take True or False or a name of a file which contains the trusted CAs. If not given I think (not documented?) it will take the default CA path/file from OpenSSL, which works usually on UNIX (except maybe OS X) and not on windows.

Answer 2

if the *.pem file has this section

-----BEGIN PRIVATE KEY-----
....
-----END PRIVATE KEY-----

then use cert

---

and if not, then use verify