
Python requests SSL error with combined .pem file

I have an internal server/api that is signed by an internal sub ca which was signed by the root ca. In my browsers the site is trusted and verified because the root ca and sub ca certs were imported. I can also verify the signing chain for the web server.

I am using python requests library to make calls to the api. I created a .pem file which includes the root ca and sub ca certs

e.g.

-----BEGIN CERTIFICATE-----
snathopONSETUHO...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
snathopONSETUHO...
-----END CERTIFICATE-----

When making the requests call I used

r = requests.get('https://server/api', auth=(user,password), cert='/path/to/cert_bundle.pem')

The error I receive is

---------------------------------------------------------------------------
SSLError                                  Traceback (most recent call last)
<ipython-input-16-04e0aff97162> in <module>()
----> 1 r = requests.get('https://host/api/', auth=(user,password), cert='/path/to/cert_bundle.pem')

/usr/lib/python2.7/site-packages/requests/api.pyc in get(url, **kwargs)
     66
     67     kwargs.setdefault('allow_redirects', True)
---> 68     return request('get', url, **kwargs)
     69
     70

/usr/lib/python2.7/site-packages/requests/api.pyc in request(method, url, **kwargs)
     48
     49     session = sessions.Session()
---> 50     response = session.request(method=method, url=url, **kwargs)
     51     # By explicitly closing the session, we avoid leaving sockets open which
     52     # can trigger a ResourceWarning in some cases, and look like a memory leak

/usr/lib/python2.7/site-packages/requests/sessions.pyc in request(self, method, url, params, data, headers, cookies, files, auth, timeout, allow_redirects, proxies, hooks, stream, verify, cert, json)
    462         }
    463         send_kwargs.update(settings)
--> 464         resp = self.send(prep, **send_kwargs)
    465
    466         return resp

/usr/lib/python2.7/site-packages/requests/sessions.pyc in send(self, request, **kwargs)
    574
    575         # Send the request
--> 576         r = adapter.send(request, **kwargs)
    577
    578         # Total elapsed time of the request (approximately)

/usr/lib/python2.7/site-packages/requests/adapters.pyc in send(self, request, stream, timeout, verify, cert, proxies)
    429         except (_SSLError, _HTTPError) as e:
    430             if isinstance(e, _SSLError):
--> 431                 raise SSLError(e, request=request)
    432             elif isinstance(e, ReadTimeoutError):
    433                 raise ReadTimeout(e, request=request)

SSLError: [SSL] PEM lib (_ssl.c:2757)

Any ideas why my cert won't validate? I tried reversing the order in the .pem file in case order matters but still cannot get my request to work.

I also tried with verify=False, which works but is not what I want and throws the error

/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:769: 
InsecureRequestWarning: Unverified HTTPS request is being made. Adding 
certificate verification is strongly advised. See: 
https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)

Looks like you're using the wrong parameter to pass the path to the certificate bundle; your code should read:

r = requests.get('https://server/api', auth=(user,password), verify='/path/to/cert_bundle.pem')

The parameter used for verifying a remote certificate signed by a CA is verify. If you only specify verify=True then it will use a default internal root certificate store, but you can also pass in a path to your own store as in my code example.

The cert parameter is for confirming your own identity to the remote server, which your server probably doesn't care about here.

The parameter in the session was wrong: it is not cert, it is verify.

import gitlab
import requests

session = requests.Session()
session.verify = 'ca_cert.pem'
domain = 'https://your.gitlab.server.com'
gl = gitlab.Gitlab(domain, private_token='your access token', api_version="4", session=session)
gl.auth()

pathToProject = "path/to/repo"
project = gl.projects.get(pathToProject)
items = project.repository_tree()

print(items)
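
The verify/cert distinction from the answers above, as an added example that is not part of the original posts: it reads the PEM block labels in a file and reports which requests parameter the file suits. The function names and the sample data are assumptions, constructed for illustration.

```python
import re

# PEM armor: -----BEGIN <LABEL>----- ... -----END <LABEL>-----
_PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----.*?-----END \1-----", re.DOTALL)


def pem_labels(pem_text):
    """Return the label of every PEM block, in file order."""
    return [m.group(1) for m in _PEM_BLOCK.finditer(pem_text)]


def requests_parameter_for(pem_text):
    """Say which requests parameter a PEM file is suited for.

    'verify' -> certificates only: a CA bundle used to validate the server.
    'cert'   -> a certificate plus a private key: the client's own identity.
    None     -> neither (no PEM blocks, or a key without a certificate).
    """
    labels = pem_labels(pem_text)
    has_cert = "CERTIFICATE" in labels
    # Covers PRIVATE KEY, RSA PRIVATE KEY, EC PRIVATE KEY, ENCRYPTED PRIVATE KEY.
    has_key = any(label.endswith("PRIVATE KEY") for label in labels)
    if has_cert and has_key:
        return "cert"
    if has_cert:
        return "verify"
    return None


def _sample_block(label):
    # Constructed placeholder body; not a real certificate or key.
    return "-----BEGIN %s-----\nQ09OU1RSVUNURUQ=\n-----END %s-----\n" % (label, label)


# Constructed samples: a root CA + sub CA bundle like the one in the question,
# and a client identity file (certificate followed by its private key).
CA_BUNDLE = _sample_block("CERTIFICATE") * 2
CLIENT_IDENTITY = _sample_block("CERTIFICATE") + _sample_block("RSA PRIVATE KEY")

if __name__ == "__main__":
    print(requests_parameter_for(CA_BUNDLE))        # bundle of CA certs
    print(requests_parameter_for(CLIENT_IDENTITY))  # cert + key
```
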
