
requests.Session with client certificates and own CA

Here is my code

import os
import requests

os.environ['REQUESTS_CA_BUNDLE'] = os.path.join('/path/to/','ca-own.crt')
s = requests.Session()
s.cert = ('some.crt', 'some.key')

s.get('https://some.site.com')

Last instruction returns:

requests.exceptions.SSLError: HTTPSConnectionPool(host='some.site.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)')))

With curl:

curl --cacert ca-own.crt --key some.key --cert some.crt https://some.site.com

returns normal html code.

How can I make Python's requests.Session send the correct certificates to the endpoint?

PS: The same thing happens if I add the following

s.verify = 'some.crt'

or

cat some.crt ca-own.crt > res.crt

s.verify = 'res.crt'

PPS

cat some.crt some.key > res.pem

s.cert = "res.pem"

requests.exceptions.SSLError: HTTPSConnectionPool(host='some.site.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1131)')))

cat ca-own.crt some.crt some.key > res.pem

s.cert =  "res.pem"

requests.exceptions.SSLError: HTTPSConnectionPool(host='some.site.com', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLError(116, '[X509: KEY_VALUES_MISMATCH] key values mismatch (_ssl.c:4067)')))

The above code will work if you put verify=False in the GET request, but that's not ideal security-wise (man-in-the-middle attacks), thus you need to add the CA certificate (issuer's certificate) file to the verify parameter. More info here

session = requests.Session()
session.verify = "/path/to/issuer's certificate"  # CA certificate

session.get('https://some.site.com')

You can try this:

session = requests.Session()

session.verify = "your CA cert"

response = session.get(url, cert=('path of client cert','path of client key'))

session.close()
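
An added example, not part of the original question or answers: a preflight check on the PEM files behind `verify` and `cert`, run over the file combinations tried in the question. The function names and the placeholder PEM payloads are assumptions constructed for illustration; the check compares block labels and bytes only and does not validate certificates.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s+(.*?)\s+-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes), ...] in file order."""
    return [(label, base64.b64decode("".join(body.split())))
            for label, body in PEM_BLOCK.findall(text)]

def lint_tls_files(verify_pem, cert_pem, key_pem=None):
    """Lint the PEM text behind session.verify and session.cert.

    verify_pem: CA bundle that validates the server (session.verify)
    cert_pem:   client certificate file (session.cert)
    key_pem:    separate key file, or None when the key is inside cert_pem
    """
    problems = []
    ca = pem_blocks(verify_pem)
    client = pem_blocks(cert_pem) + (pem_blocks(key_pem) if key_pem else [])
    ca_certs = {der for label, der in ca if label == "CERTIFICATE"}
    client_certs = [der for label, der in client if label == "CERTIFICATE"]

    if any(label.endswith("PRIVATE KEY") for label, _ in ca):
        problems.append("verify: bundle contains a private key")
    if not ca_certs:
        problems.append("verify: no certificate in bundle")
    if not client_certs:
        problems.append("cert: no client certificate")
    elif client_certs[0] in ca_certs:
        # OpenSSL treats the first certificate in the cert file as the client
        # certificate, so a CA certificate placed first cannot match the key.
        problems.append("cert: first certificate also appears in the verify bundle")
    if not any(label.endswith("PRIVATE KEY") for label, _ in client):
        problems.append("cert: no private key supplied")
    return problems

def fake_pem(label, payload):
    """Constructed stand-in for a PEM file; the payload is not a real DER object."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample files named after the ones in the question.
CA = fake_pem("CERTIFICATE", b"constructed ca-own.crt")
CRT = fake_pem("CERTIFICATE", b"constructed some.crt")
KEY = fake_pem("PRIVATE KEY", b"constructed some.key")

if __name__ == "__main__":
    print(lint_tls_files(CA, CRT, KEY))        # separate files, as in the curl call
    print(lint_tls_files(CA, CA + CRT + KEY))  # CA first in the combined cert file
    print(lint_tls_files(CRT, CRT, KEY))       # client certificate used as verify
```

An empty list means the layout matches the curl invocation: the CA certificate alone in `verify`, the client certificate and its key in `cert`.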
