[英]Using certificates in urllib3
I'm a Python newbie.我是 Python 新手。 I'm using urllib3 to talk to an api.我正在使用 urllib3 与 api 对话。 The reason I'm using this and not requests is that I'd like to host my app on GAE.我使用它而不是请求的原因是我想在 GAE 上托管我的应用程序。 My app uses certicates.我的应用程序使用证书。 When I post data, I get the following error:当我发布数据时,出现以下错误:
TypeError: __init__() got an unexpected keyword argument 'cert_reqs'
How can I include certs in my urlopen call?如何在我的 urlopen 调用中包含证书? A snippet of code follows一段代码如下
CA_CERTS = ('client-2048.crt', 'client-2048.key')
http = urllib3.PoolManager()
r = http.urlopen('POST', url, body=payload, headers={'X-Application': '???', 'Content-Type': 'application/x-www-form-urlencoded'}, cert_reqs='REQUIRED', ca_certs=CA_CERTS)
print r.status, r.data
You can drop down to the HTTPSConnectionPool level which you may do directly:您可以下拉到可以直接执行的HTTPSConnectionPool级别:
from urllib3.connectionpool import HTTPSConnectionPool
conn = HTTPSConnectionPool('httpbin.org', ca_certs='/etc/pki/tls/cert.pem', cert_reqs='REQUIRED')
Or, more simply or via the connection_from_url()
helper function:或者,更简单地或通过connection_from_url()
辅助函数:
conn = urllib3.connection_from_url('https://httpbin.org', ca_certs='/etc/pki/tls/cert.pem', cert_reqs='REQUIRED')
Note that ca_certs
is the file name of a certificate bundle used to validate the remote server's certificate.请注意, ca_certs
是用于验证远程服务器证书的证书包的文件名。 Use cert_file
and key_file
to present your client certificate to the remote server:使用cert_file
和key_file
将您的客户端证书提供给远程服务器:
conn = urllib3.connection_from_url('https://httpbin.org', cert_file='client-2048.crt', key_file='client-2048.key', ca_certs='/etc/pki/tls/cert.pem', cert_reqs='REQUIRED')
Then issue your request:然后发出您的请求:
response = conn.request('POST', 'https://httpbin.org/post', fields={'field1':1234, 'field2':'blah'})
>>> print response.data
{
"args": {},
"data": "",
"files": {},
"form": {
"field1": "1234",
"field2": "blah"
},
"headers": {
"Accept-Encoding": "identity",
"Connection": "close",
"Content-Length": "220",
"Content-Type": "multipart/form-data; boundary=048b02ad15274fc485c2cb2b6a280034",
"Host": "httpbin.org",
"X-Request-Id": "92fbc1da-d83e-439c-9468-65d27492664f"
},
"json": null,
"origin": "220.233.14.203",
"url": "http://httpbin.org/post"
}
you should pass the cert_reqs='REQUIRED'
and ca_certs=CA_CERTS
args to the PoolManager()
instantiation directly.您应该将cert_reqs='REQUIRED'
和ca_certs=CA_CERTS
args 直接传递给PoolManager()
实例化。
So the original example can be changed to this:所以原来的例子可以改成这样:
CA_CERTS = ('client-2048.crt', 'client-2048.key')
http = urllib3.PoolManager(cert_reqs='REQUIRED', ca_certs=CA_CERTS)
r = http.urlopen('POST', url, body=payload, headers={'X-Application': '???', 'Content-Type': 'application/x-www-form-urlencoded'})
print r.status, r.data
Passing User-Agent
header seemed to help in my case, on top of the other answers.除了其他答案之外,传递User-Agent
标头似乎对我有帮助。
Not sure if this is a common behaviour, but my server would return 403 - Access denied
error when performing a HTTPS request using self-signed certificates and without User-Agent
.不确定这是否是一种常见行为,但在使用自签名证书且不User-Agent
执行 HTTPS 请求时,我的服务器会返回403 - Access denied
错误。
When ignoring certificates (ie. using an empty ssl.SSLContext
) the User-Agent
header wasn't required and the request would succeed.当忽略证书(即使用空的ssl.SSLContext
)时,不需要User-Agent
标头,请求会成功。 Only when passing a self-signed certificate using the ca_certs
parameter, I needed to include the User-Agent
只有在使用ca_certs
参数传递自签名证书时,我才需要包含User-Agent
http = urllib3.PoolManager(cert_reqs='REQUIRED', ca_certs='/path/to/cacert.pem')
r = http.urlopen('GET', url, headers={'User-Agent': 'myapp/v0.1.0'})
print(r.data)
I cannot find any source indicating why User-Agent
may be required when using a self-signed certificate.我找不到任何说明为什么在使用自签名证书时可能需要User-Agent
来源。 Any clarification on that point most welcome.对这一点的任何澄清都是最受欢迎的。
Read more about User-Agent
header here . 在此处阅读有关User-Agent
标头的更多信息。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.