SSL: CERTIFICATE_VERIFY_FAILED certificate verify failed

2022-01-15 00:00:00 python python-3.x ssl lxml xmlhttprequest

Problem description

from lxml import html
import requests


url = "https://website.com/"
page = requests.get(url)
tree = html.fromstring(page.content)
page.content

-> SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:748)

I ran this script and got this error. How can I fix it?

Solution

Since your URL is "an internal corporate URL" (as stated in comments), I'm guessing the server uses either a self-signed certificate or one issued by a private CA whose root certificate is self-signed.

If that is in fact the case, you have two options:

(1) provide the path to your corporate CA certificate (including the complete chain of intermediate certificates, if any) to the requests.get() call via the verify argument:

requests.get('https://website.lo', verify='/path/to/certfile')

or (2) disable verification of the server certificate on the client side altogether (but beware of the security risks this entails, such as simple man-in-the-middle attacks):

requests.get('https://website.lo', verify=False)
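
The two options above can be folded into one small helper. This is only a sketch under stated assumptions: the names resolve_verify and fetch_tree, the insecure flag, and the 10-second timeout are hypothetical and not part of requests; the only requests feature relied on is the verify argument of requests.get(). The helper checks that the CA file exists before the request is made, so a wrong path fails with a clear error.

```python
import os


def resolve_verify(ca_bundle=None, insecure=False):
    """Return the value to pass as `verify` to requests.get().

    ca_bundle: path to a PEM file holding the corporate CA chain
               (hypothetical; use your own path).
    insecure:  True disables verification entirely (option 2).
    """
    if insecure:
        return False
    if ca_bundle is None:
        # Same as the default behaviour: verify with the default CA bundle.
        return True
    if not os.path.isfile(ca_bundle):
        raise FileNotFoundError(f"CA bundle not found: {ca_bundle}")
    return ca_bundle


def fetch_tree(url, ca_bundle=None, insecure=False):
    """Download `url` and parse it with lxml, as in the question's script."""
    # Third-party imports are kept local so resolve_verify() can be
    # used on its own without requests or lxml being imported.
    import requests
    from lxml import html

    page = requests.get(
        url,
        verify=resolve_verify(ca_bundle, insecure),
        timeout=10,  # assumed value; pick one that suits your network
    )
    page.raise_for_status()
    return html.fromstring(page.content)
```

With this in place, the call for option (1) would be fetch_tree('https://website.lo', ca_bundle='/path/to/certfile'), and passing insecure=True corresponds to option (2).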

For completeness, the relevant verify parameter is described in the requests.request() docs:

verify -- (optional) Either a boolean, in which case it controls whether we verify 
          the server's TLS certificate, or a string, in which case it must be a path 
          to a CA bundle to use. Defaults to True.
