请求:cert 和 verify 有什么区别?
问题描述
cert 和 verify 有什么区别?
What is the difference between cert and verify?
来自文档:
verify –(可选)如果为 True,将验证 SSL 证书.还可以提供 CA_BUNDLE 路径.cert –(可选)如果是字符串,则为 ssl 客户端证书文件 (.pem) 的路径.如果是 Tuple,则为 (‘cert’, ‘key’) 对.
verify – (optional) if True, the SSL cert will be verified. A CA_BUNDLE path can also be provided. cert – (optional) if String, path to ssl client cert file (.pem). If Tuple, (‘cert’, ‘key’) pair.
这是否意味着我可以做到以下几点:
Does this mean I can do the following:
CA_BUNDLE='path/to/.pem'
requests.get(url=google.com, verify= CA_BUNDLE)
或
Cert='path/to/.pem'
requests.get(url=google.com, cert=Cert)
他们看起来都在做同样的事情.除了 verify 可以禁用 ssl 验证.
They both look like they do the same thing. except verify can disable ssl verification.
我正在尝试使用 PYinstaller 将我的代码编译为 exe.我正在使用我看到已经有一个 cacert.pem 文件的 certifi 模块,但我想我仍然必须将它与我的代码捆绑在一起.
I am trying to compile my code to an exe using PYinstaller. I am using certifi module that I see already has a cacert.pem file but I guess I still have to bundle it with my code.
在我的代码中,我是修改 ...verify 还是 cert?...使用 cacert.pem 的路径还是只是 'cacert.pem'?
In my code do I modify ...verify or cert?...with a path to cacert.pem or just 'cacert.pem'?
解决方案
我觉得文档里写的很清楚:http://www.python-requests.org/en/latest/user/advanced/#ssl-cert-verification
I think it is clearly stated in the documentation: http://www.python-requests.org/en/latest/user/advanced/#ssl-cert-verification
cert 选项是向您发送自己的证书,例如使用客户端证书对服务器进行身份验证.它需要一个证书文件,如果密钥与证书不在同一个文件中,则还需要密钥文件.
The option cert is to send you own certificate, e.g. authenticate yourself against the server using a client certificate. It needs a certificate file and if the key is not in the same file as the certificate also the key file.
verify 选项用于启用(默认)或禁用服务器证书的验证.它可以采用 True 或 False 或包含受信任 CA 的文件的名称.如果没有给出我认为(没有记录?)它将采用来自 OpenSSL 的默认 CA 路径/文件,该路径通常适用于 UNIX(可能除了 OS X)而不适用于 Windows.
The option verify is used to enable (default) or disable verification of the servers certificate. It can take True or False or a name of a file which contains the trusted CAs. If not given I think (not documented?) it will take the default CA path/file from OpenSSL, which works usually on UNIX (except maybe OS X) and not on windows.
相关文章