pycurl 和 SSL 证书
我正在尝试编写 pycurl 脚本来访问安全站点(HTTPS)。
c = pycurl.Curl()
c.setopt(pycurl.USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0')
c.setopt(pycurl.URL, 'https://for-example-securedsite')
c.setopt(pycurl.COOKIEFILE, 'cookie.txt')
c.setopt(pycurl.COOKIEJAR, 'cookies.txt')
c.setopt(pycurl.WRITEDATA, file("page.html","wb"))
我收到以下错误..
pycurl.error: (60, 'SSL 证书问题,验证 CA 证书是否正常。详细信息:\n错误:14090086:SSL 例程:SSL3_GET_SERVER_CERTIFICATE:证书验证失败')
代码失败,如未能获得 SSL 证书。
如果我将以下行添加到我的代码中,错误就会消失。
c.setopt(pycurl.SSL_VERIFYPEER, 0)
c.setopt(pycurl.SSL_VERIFYHOST, 0)
上面的代码将跳过证书验证。但它受到“中间人”攻击。
我知道我的本地证书存储中有 SSL 证书。有谁知道如何导出我的证书并使用它我的代码..一些示例代码会很棒..
感谢您的时间!
I am trying to write a pycurl script to access a secured site (HTTPS).
c = pycurl.Curl()
c.setopt(pycurl.USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0')
c.setopt(pycurl.URL, 'https://for-example-securedsite')
c.setopt(pycurl.COOKIEFILE, 'cookie.txt')
c.setopt(pycurl.COOKIEJAR, 'cookies.txt')
c.setopt(pycurl.WRITEDATA, file("page.html","wb"))
I am getting the below error..
pycurl.error: (60, 'SSL certificate problem, verify that the CA cert is OK. Details:\nerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed')
The code failed, as it failed to get the SSL cert.
The error went away if I add the below lines to my code.
c.setopt(pycurl.SSL_VERIFYPEER, 0)
c.setopt(pycurl.SSL_VERIFYHOST, 0)
The above code will skip the certificate verification. But its subjected to 'man in middle' attack.
I know I have the SSL certificate in my local certificate store. Do anyone know how to export my certificate and use it my code.. Some sample codes will be awesome..
Thanks for your time!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
你是对的,你这样做的方式会让你遭受中间人攻击,特别是考虑到 最新的 SSL 漏洞。您可以按如下方式解决:
curl 默认带有过期的证书列表。无论您是想更新它还是只是使用自己的证书进行测试,请确保将 Updated-certificate-chain.crt 文件放置在可访问的位置,并使用 pycurl.CAINFO 选项指向它。
还要确保 pycurl.SSL_VERIFYHOST 设置为 2,即最高安全检查设置。
You are right, the way you are doing it subjects you to a man-in-the-middle attack, especially in light of the most recent SSL vulnerabilities. You can resolve it as follows:
curl by default comes with an outdated certificate list. Whether you want to update it or just use your own certs for testing, make sure to place the updated-certificate-chain.crt file in an accessible location and use the pycurl.CAINFO option to point to it.
Also make sure pycurl.SSL_VERIFYHOST is set to 2, the highest security check setting.
我在 Windows 中使用 python 3 时发生了这样的错误:
(60, 'SSL 证书问题: 无法获取本地颁发者证书')
最后两个解决方案:
1 - 添加证书,curl.setopt(pycurl.CAINFO, " c:\certs\ssl.cert")
或
2 - 使用以下命令忽略 ssl 验证:
curl.setopt(pycurl.SSL_VERIFYPEER, 0)
curl.setopt(pycurl.SSL_VERIFYHOST, 0)
@ Windows 中的所有 python 用户。
It happened to me using python 3 in windows, getting this error :
(60, 'SSL certificate problem: unable to get local issuer certificate')
The final two solutions :
1 - adding a certificate, curl.setopt(pycurl.CAINFO, "c:\certs\ssl.cert")
OR
2 - ignoring the ssl verification using :
curl.setopt(pycurl.SSL_VERIFYPEER, 0)
curl.setopt(pycurl.SSL_VERIFYHOST, 0)
@ for all python users in windows.
您是否阅读过 cURL 文档有关 SSL 证书?这似乎直接解决了您的问题...特别是第 2 项:
看起来 pycurl 模块包含 CAPATH 选项,因此这应该很容易在代码中实现。
Have you read the cURL documentation about SSL certificates? This seems to directly address your question...in particular, item 2:
It looks like the pycurl module contains the
CAPATHoption, so this should be simple to implement in your code.此问题的解决方案在于通过不安全参数 In在cmd终端中,我们专门输入arg“-k”
在Pycurl中,我们必须通过以下方法为curl对象设置相同的选项,安全级别最低,即“0”。
允许不安全连接
之后就可以毫无阻碍地访问 SSL
The Solution to this problem lies in providing the curl object access to the 'https' based protocol url's via insecure argument In a cmd terminal we exclusively input the arg '-k'
In Pycurl we have to set the same option to the curl object by the methods as below, with minimal level of security i.e '0'.
allow the insecure connection
After which, access to the SSL is made without any obstruction