在 python ssl 中使用自我证书验证时出错

Question

Getting the following error:

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1045)

I'm using self-signed certificates between many servers, now need to integrate python in the system but unable to verify self-signed certificates.

The code I'm using

context = ssl.create_default_context()
context.load_verify_locations("/var/certs.crt")
context.load_cert_chain(certfile=cert_path, keyfile=key_path)
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_REQ

resp = urllib.request.urlopen(url_string, context=ctx)

var/certs.crt containing the certificate of the specific server I'm starting an ssl connection with.

cert_path & key_path are my own cert and private key to establish 2 way ssl.

Things I've checked:

1.I can see my certs being loaded after load_cert_chain in context.get_ca_certs()

2.I tried context.verify_flags |= 0x80000 but it didn't work.

If ctx.verify_mode = False then I'm able to connect properly but it will not be secured.

Since the best existing answer on StackOverflow is to use ctx.verify = False and it's not the way, I'm hoping this time to find someone who actually fixed it.

Thanks

Answer 1

After checking in wireshark I saw that python throwing the wrong error. the problem wasn't with the self certificate but was "Certificate Unknown" and the SSL handshake failed.

So it can be done with ssl.CERT_REQ