python 3.6 SSL: CERTIFICATE_VERIFY_FAILED
Opened this issue · 9 comments
Traceback (most recent call last):
File "/Users/tony/self_file/paipai/DRF_practice/self_practice/tcent/cdn.py", line 36, in
print(service.call(action, params))
File "/Users/tony/self_file/paipai/paipaicmdb/paipaicmdb/lib/python3.6/site-packages/QcloudApi/qcloudapi.py", line 172, in call
return service.call(action, params)
File "/Users/tony/self_file/paipai/paipaicmdb/paipaicmdb/lib/python3.6/site-packages/QcloudApi/modules/base.py", line 158, in call
resp_inter = self.apiRequest.send_request(req_inter)
File "/Users/tony/self_file/paipai/paipaicmdb/paipaicmdb/lib/python3.6/site-packages/QcloudApi/common/request.py", line 109, in send_request
raise ApiClientNetworkException(str(e))
QcloudApi.common.api_exception.ApiClientNetworkException: ApiClientNetworkException Error Message: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:748)
Currently we are not testing python3.6 in our ci, but we'll add it soon.
For this issue, how do you install python3.6 environment? By binary installation or compile from source code? If it is the later case, you should add ssl support, for instance, if you'are using debain/ubuntu, run sudo apt-get install python3-dev libffi-dev libssl-dev before compiling python3.6 source code.
We've already added python 3.6.3 environment into ci test, the result looks good.
解决 了,是SSL 的版本问题,我是2.x 的版本, 改成OpenSSL 1.0.2n 就好了
QcloudApi.common.api_exception.ApiClientNetworkException: ApiClientNetworkException Error Message: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:777)
openssl version
LibreSSL 2.2.7
用程序拼接出来的url发请求是work的,但是用sdk发就出这个问题。
感觉sdk兼容性有点问题。
我的电脑是Mac Book Pro最新版的系统。
这个问题跟ssl版本没有关系。python 3.6在做https链接前会做context的验证,检查是否有证书。如果初始化没有指定证书,就会默认需要证书,那么请求就挂掉了。所以,要加一个判断,明示说不需要添加证书。
HTTPSConnection.__init__(self, host, port, context=ssl._create_unverified_context())初始化的时候添加context=ssl._create_unverified_context()
class MyHTTPSConnection(HTTPSConnection):
def __init__(self, host, port=None):
self.has_proxy = False
self.request_host = host
https_proxy = (os.environ.get('https_proxy')
or os.environ.get('HTTPS_PROXY'))
if https_proxy:
url = urlparse(https_proxy)
if not url.hostname:
url = urlparse('https://' + https_proxy)
host = url.hostname
port = url.port
self.has_proxy = True
HTTPSConnection.__init__(self, host, port, context=ssl._create_unverified_context())
self.request_length = 0我在mac os 10.13.1上通过homebrew安装python3.6.4,openssl版本也是libressl 2.2.7,并未遇到问题。进入python3.6.4环境后查看ssl的版本信息也仍然是1.0.2.
如果您是通过python官网提供的安装工具直接安装的,有可能是是遇到了这个问题https://bugs.python.org/issue28150 ,可以通过这里提到的方法尝试解决https://stackoverflow.com/questions/47896873/sslerror-using-requests-and-python-3-6
不检查证书并不是一个安全的选择
我用Mac和python 2.7.15 也遇到相同的问题。
估计这似乎是所有Mac用户,都会遇到的问题,具体解释可以看楼上的python和openssl的解释。
我建议在readme提醒一下用户。
核心解决方案是,安装certifi,然后在OpenSSL的文件夹里面创建一个软链接。
pip已经帮你准备好脚本:
sh /Applications/Python\ 2.7/Install\ Certificates.command
@Shengpei-Luke-Chen 我使用的是virtualenv,python也是通过brew安装的,请问这个Install\ Certificates.command在哪里可以找到。