ssl.SSLError:[SSL:CERTIFICATE_VERIFY_FAILED]证书验证失败,Python套接字,ssl,gmail smtp连接
[英]ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed, Python sockets, ssl, gmail smtp connect
问题描述
I want to connect to gmail SMTP server using secure sockets. 
我想使用安全套接字连接到Gmail SMTP服务器。 I have downloaded the mail.google.com.crt cert file by using my browser - Firefox (I simply opened a gmail.com page and then exported the certificate using my browser export cert button). 我已经使用浏览器Firefox下载了mail.google.com.crt证书文件(我只是打开gmail.com页面,然后使用浏览器导出证书按钮导出了证书)。
However, its seems that there is a problem, and I do not know why. 但是,似乎有问题,我不知道为什么。 when I changed mail.google.com.crt to GeoTrustGlobalCA.pem (I found it somewhere online) it worked (didnt show the erros). 当我将mail.google.com.crt更改为GeoTrustGlobalCA.pem (我在网上找到它)后,它开始工作了(没有显示错误)。 Am I not understand something here? 我在这里不明白吗?
if __name__ == '__main__':
HOST = 'smtp.gmail.com'
PORT = 465
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
sock.connect((HOST, PORT))
context = ssl.SSLContext(ssl.PROTOCOL_SSLv23)
context.verify_mode = ssl.CERT_REQUIRED
context.load_verify_locations('mail.google.com.crt')
# check SNI extension
if ssl.HAS_SNI:
secure_sock = context.wrap_socket(sock, server_hostname=HOST)
else:
secure_sock = context.wrap_socket(sock)
cert = secure_sock.getpeercert()
print cert
if not cert or ('commonName', 'smtp.google.com') not in cert['subject'][4]: raise Exception("erroe" )
secure_sock.recv(1024)
secure_sock.close()
sock.close()
1 个解决方案
解决方案1
1 已采纳 2017-06-03 13:14:37
context.load_verify_locations('mail.google.com.crt')
Verify locations are expected to contain trusted CA certificates. 验证位置应包含受信任的CA证书。 The server certificate you've specified is no CA certificate. 您指定的服务器证书不是CA证书。 From the documentation : 从文档中 :
Load a set of “certification authority” (CA) certificates used to validate other peers' certificates ...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.