[英]SSL3 Certificate Verify Failed when Connecting to JIRA API Using Python
I'm currently running into an error when attempting to connect to JIRA using Python2.7 and the JIRA REST API ( http://jira-python.readthedocs.org/en/latest/ ).我目前在尝试使用 Python2.7 和 JIRA REST API ( http://jira-python.readthedocs.org/en/latest/ ) 连接到 JIRA 时遇到错误。
When I execute the following:当我执行以下操作时:
from jira.client import JIRA
options = {
'server': 'https://jira.companyname.com'
}
jira = JIRA(options)
I get the following error message in console:我在控制台中收到以下错误消息:
requests.exceptions.SSLError: [Errno 1] _ssl.c:507: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Is there something that I may have missed or am doing incorrectly?有什么我可能错过或做错的事情吗?
Thanks!谢谢!
I encountered a similar SSL certificate verification error and looking through the "JIRA" methods definitions, its possible to turn off the verification.我遇到了类似的 SSL 证书验证错误,并查看了“JIRA”方法定义,可以关闭验证。
:param options: Specify the server and properties this client will use. Use a dict with any
of the following properties:
* server -- the server address and context path to use. Defaults to ``http://localhost:2990/jira``.
* rest_path -- the root REST path to use. Defaults to ``api``, where the JIRA REST resources live.
* rest_api_version -- the version of the REST resources under rest_path to use. Defaults to ``2``.
* verify -- Verify SSL certs. Defaults to ``True``.
* resilient -- If it should just retry recoverable errors. Defaults to `False`.
Try this :尝试这个 :
from jira.client import JIRA
options = {'server': 'https://jira.companyname.com','verify':False}
jira = JIRA(options)
I know I'm late on this answer, but hopefully this helps someone down the road.我知道我在这个答案上迟到了,但希望这对未来的人有所帮助。
Why you shouldn't turn off verification为什么不应该关闭验证
While turning off certificate verification is the easiest "solution", it is not an advisable thing to do.虽然关闭证书验证是最简单的“解决方案”,但这并不是一个明智的做法。 It essentially says, "I don't care if I trust you or not, I'm going to send you all my information anyway."
它本质上是说,“我不在乎我是否信任你,无论如何我都会把我所有的信息都发给你。” This opens you up for a Man-in-the-Middle attack.
这为中间人攻击打开了大门。
If you're connecting to your company's Jira server and it has a certificate for TLS/SSL, you should be verifying against that.如果您要连接到您公司的 Jira 服务器并且它具有 TLS/SSL 证书,则您应该对此进行验证。 I'd ask your IT department where that certificate is.
我会问你的 IT 部门那个证书在哪里。 It's probably in some root certificate for your company.
它可能在贵公司的某个根证书中。
If you're connecting to the server in Chrome (for example) it should show a lock in the left-hand corner of address bar if it's secured over TLS/SSL.如果您在 Chrome 中连接到服务器(例如),如果它是通过 TLS/SSL 保护的,它应该在地址栏的左手角显示一个锁。
You can Right-Click that lock -> Details -> View Certificate
in Chrome.您可以
Right-Click that lock -> Details -> View Certificate
在 Chrome 中Right-Click that lock -> Details -> View Certificate
。
Okay, so what do I do?好的,那我该怎么办?
Provide the necessary certificate to the verify
option directly.直接向
verify
选项提供必要的证书。
jira-python
uses Requests
for HTTP stuff (See documentation) . jira-python
使用 HTTP Requests
(见文档) 。 And according to Requests documentation you can specify a path to a certificate file in verify
.根据Requests 文档,您可以在
verify
指定证书文件的路径。
Thus, you can provide the root certificate for your company in verify
like so:因此,您可以在
verify
为您的公司提供根证书,如下所示:
jira_options = {
'server': jira_server_name,
'verify': 'path/to/company/root/certificate',
}
If you're using a Windows machine (a safe assumption?), that root certificate is stored in the registry and the best way to get it is using wincertstore
.如果您使用的是 Windows 机器(安全假设?),则该根证书存储在注册表中,获得它的最佳方法是使用
wincertstore
。
On Windows system please do the following:-在 Windows 系统上,请执行以下操作:-
Once the .cer file is obtained, add it to the python script as follows:-获得 .cer 文件后,将其添加到 python 脚本中,如下所示:-
jira_options = {
'server': jira_server_name,
'verify': 'path_to_directory_containing_certificate_file/certificate.cer'
}
This should work without any security warnings.这应该可以在没有任何安全警告的情况下工作。
只需安装 python-certifi-win32 模块,这应该可以帮助您轻松解决这些错误
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.