[英]getting error using self certificate verification in python ssl
Getting the following error:收到以下错误:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1045)
I'm using self-signed certificates between many servers, now need to integrate python in the system but unable to verify self-signed certificates.我在许多服务器之间使用自签名证书,现在需要在系统中集成 python 但无法验证自签名证书。
The code I'm using我正在使用的代码
context = ssl.create_default_context()
context.load_verify_locations("/var/certs.crt")
context.load_cert_chain(certfile=cert_path, keyfile=key_path)
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_REQ
resp = urllib.request.urlopen(url_string, context=ctx)
var/certs.crt containing the certificate of the specific server I'm starting an ssl connection with. var/certs.crt包含我正在启动 ssl 连接的特定服务器的证书。
cert_path & key_path are my own cert and private key to establish 2 way ssl. cert_path 和 key_path是我自己的证书和私钥,用于建立 2 路 ssl。
Things I've checked:我检查过的事情:
1.I can see my certs being loaded after load_cert_chain in context.get_ca_certs()
1.我可以在
context.get_ca_certs()
中看到我的证书在load_cert_chain之后加载
2.I tried context.verify_flags |= 0x80000
but it didn't work. 2.我尝试了
context.verify_flags |= 0x80000
但它没有用。
If ctx.verify_mode = False
then I'm able to connect properly but it will not be secured.如果
ctx.verify_mode = False
那么我可以正确连接,但不会受到保护。
Since the best existing answer on StackOverflow is to use ctx.verify = False
and it's not the way, I'm hoping this time to find someone who actually fixed it.由于 StackOverflow 上现有的最佳答案是使用
ctx.verify = False
而不是这样,我希望这次能找到真正修复它的人。
Thanks谢谢
After checking in wireshark I saw that python throwing the wrong error.检查wireshark后,我看到python抛出了错误的错误。 the problem wasn't with the self certificate but was "Certificate Unknown" and the SSL handshake failed.
问题不在于自我证书,而是“证书未知”并且 SSL 握手失败。
So it can be done with ssl.CERT_REQ所以可以用 ssl.CERT_REQ 来完成
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.