ChromeDriver ERR_SSL_PROTOCOL_ERROR 尽管 --ignore-certificate-errors

您可以在 带有参数的 http POST 到/session 引发的 curl 错误:{desiredCapabilities":{browserName":chrome",platform":ANY" with Selenium 和 PHPUnit

<小时>

更多关于 ChromeDriver、Chrome 和 Selenium Client vrsion 的信息将有助于我们以更好的方式分析问题.然而，根据 ChromeDriver 的历史记录，以下与处理 证书错误 相关的问题已在 ChromeDriver 的最后几个版本中得到解决:

• 允许通过 DevTools 处理证书错误:作为 headlesschrome 无法针对 SSL 证书错误显示 UI 警告 修复 已发布以公开错误作为 DevTools 事件并通过 DevTools 命令控制要采取的操作.
• 提供在 Chromedriver/Selenium for headless 中处理证书错误的能力:之前通过 CLI 开关控制的某些 安全相关选项Chromium 的 UI 版本(如 --ignore-certificate-errors)被静默忽略，只能通过 devtools 设置.因此有必要在浏览器目标 DevTools 客户端上覆盖和处理 certificateError 事件.修复已发布，实现了使用新的 DevTools 方法来覆盖证书错误处理浏览器范围内也允许在无头模式下忽略证书错误.
• 通过 DevTools 处理全局证书错误:以前允许使用 DevTools处理单个目标/WebContents 的证书错误，但是当创建新目标时(例如单击 target=_blank 链接)，通常不可能发送 Security.enable/Security.setOverrideCertificateErrors 命令在尝试导航之前足够快.修复 发布了一个更简单的忽略所有证书错误"模式，而不是弃用旧的覆盖命令支持新的 setIgnoreCertificateErrors 命令，该命令还公开了浏览器目标上的安全域，以便于在整个浏览器中全局应用此覆盖.

结论

• 确保添加了以下参数/功能:
  • --allow-insecure-localhost
  • acceptInsecureCerts
  • --ignore-certificate-errors
• 当您使用 'chromedriverVersion': '74.0.3729.6' 时，请确保您也在使用 'chrome': '74.0'(根据 ChromeDriver v74.0.3729.6 发行说明)
• 确保您使用的是最新发布的 Selenium v​​3.141.59 客户端.

I'm trying to run integration tests on a local host (with no HTTPS) using selenium with ChromeDriver.

Chrome requires an https certificate, but from this question i understand that i can circumvent this using the arg --ignore-certificate-errors

I have also added to my capabilities acceptInsecureCerts, as this seems like the appropriate course of action (docs)

The response from the chromedriver is still not what I was expecting:

This site can’t provide a secure connection app sent an invalid response. ERR_SSL_PROTOCOL_ERROR

My code is below:

from selenium import webdriver
from selenium.webdriver.chrome.options import Options

# make options (principally to ignore certificate)
options = webdriver.ChromeOptions()
options.add_argument('--ignore-certificate-errors')

# add acceptInsecureCerts
capabilities = options.to_capabilities()
capabilities['acceptInsecureCerts'] = True

print(capabilities) # see below

driver = webdriver.Remote(
    command_executor=SELENIUM_HUB,
    desired_capabilities=capabilities
)
print(driver.__dict__) # see further below

app_login_url = 'http://app:8000/accounts/login/'

driver.get(app_login_url)

My capabilities:

{'acceptInsecureCerts': True,
'browserName': 'chrome',
'goog:chromeOptions': {'args': ['--ignore-certificate-errors'],
                        'extensions': []},
'platform': 'ANY',
'version': ''}

Here is my driver info, it looks like only the acceptInsecureCerts arg has been taken into account:

{'_file_detector': <selenium.webdriver.remote.file_detector.LocalFileDetector object at 0x7fb42bde10f0>,
'_is_remote': True,
'_mobile': <selenium.webdriver.remote.mobile.Mobile object at 0x7fb42bb5e400>,
'_switch_to': <selenium.webdriver.remote.switch_to.SwitchTo object at 0x7fb42bdd4898>,
'capabilities': {'acceptInsecureCerts': True,
                'acceptSslCerts': True,
                'applicationCacheEnabled': False,
                'browserConnectionEnabled': False,
                'browserName': 'chrome',
                'chrome': {'chromedriverVersion': '74.0.3729.6 '
                                                    '(255758eccf3d244491b8a1317aa76e1ce10d57e9-refs/branch-heads/3729@{#29})',
                            'userDataDir': '/tmp/.com.google.Chrome.vc1ZvB'},
                'cssSelectorsEnabled': True,
                'databaseEnabled': False,
                'goog:chromeOptions': {'debuggerAddress': 'localhost:40815'},
                'handlesAlerts': True,
                'hasTouchScreen': False,
                'javascriptEnabled': True,
                'locationContextEnabled': True,
                'mobileEmulationEnabled': False,
                'nativeEvents': True,
                'networkConnectionEnabled': False,
                'pageLoadStrategy': 'normal',
                'platform': 'Linux',
                'proxy': {},
                'rotatable': False,
                'setWindowRect': True,
                'strictFileInteractability': False,
                'takesHeapSnapshot': True,
                'takesScreenshot': True,
                'timeouts': {'implicit': 0,
                            'pageLoad': 300000,
                            'script': 30000},
                'unexpectedAlertBehaviour': 'ignore',
                'version': '74.0.3729.169',
                'webStorageEnabled': True,
                'webdriver.remote.sessionid': '1cf77f237e966bac6ca15d4d9c107423'},
'command_executor': <selenium.webdriver.remote.remote_connection.RemoteConnection object at 0x7fb42be0cf98>,
'error_handler': <selenium.webdriver.remote.errorhandler.ErrorHandler object at 0x7fb427d08a20>,
'session_id': '1cf77f237e966bac6ca15d4d9c107423',
'w3c': False}

Why am i still seeing the ERR_SSL_PROTOCOL_ERROR ?

This error message...

This site can’t provide a secure connection app sent an invalid response. ERR_SSL_PROTOCOL_ERROR

...implies that the ChromeDriver was unable to initiate/spawn a new WebBrowser i.e. Chrome Browser session on your localhost.

As you are seeing this issue on your local host (with no HTTPS) as per this comment a blind fold solution would be to add the argument --allow-insecure-localhost through chromeOptions() as follows:

'goog:chromeOptions': {'args': ['--allow-insecure-localhost'],
            'extensions': []}

However your main issue seems to be with the capabilities where you have set platform being set s ANY as follows:

{'acceptInsecureCerts': True,
'browserName': 'chrome',
'goog:chromeOptions': {'args': ['--ignore-certificate-errors'],
            'extensions': []},
'platform': 'ANY',
'version': ''}

As per WebDriver - W3C Living Document the platformName section mentions, the following platform names are in common usage with well-understood semantics and, when matching capabilities, greatest interoperability can be achieved by honoring them as valid synonyms for well-known Operating Systems:

Key         System
---         ------
"linux"     Any server or desktop system based upon the Linux kernel.
"mac"       Any version of Apple’s macOS.
"windows"   Any version of Microsoft Windows, including desktop and mobile versions.

Note:This list is not exhaustive.

When returning capabilities from New Session, it is valid to return a more specific platformName, allowing users to correctly identify the Operating System the WebDriver implementation is running on.

So instead of passing "platform":"ANY" within the desiredCapabilities object, a more specific "platform":"linux" will be more desirable approach.

You can find a relevant and related discussion in Curl error thrown for http POST to /session with params: {"desiredCapabilities":{"browserName":"chrome","platform":"ANY" with Selenium and PHPUnit

Some more information about the ChromeDriver, Chrome and Selenium Client vrsion would have helped us to analyze the issue in a better way. However as per ChromeDriver history the following issues related to handling of certificate errors were addressed in the last few releases of ChromeDriver:

• Allow handling certificate errors via DevTools: As the headless chrome cannot show a UI warning for SSL certificate errors a fix was released to expose the errors as DevTools events and control the action to take through a DevTools command.
• Provide ability to handle certificate errors in Chromedriver/Selenium for headless: Earlier certain security related options that was controlled via CLI switches in the UI version of Chromium (like --ignore-certificate-errors) were silently ignored and can only be set via devtools. So it was necessary to override and handle certificateError events on the browser-target DevTools client. A fix was released implementing the usage of the new DevTools method to override certificate error handling browser-wide which allowed ignoring certificate errors in headless mode too.
• Global certificate error handling via DevTools: Previously DevTools allowed handling certificate errors for individual targets / WebContents, but when a new target was created (e.g. clicking on a target=_blank link), it was not often not possible to send the Security.enable / Security.setOverrideCertificateErrors commands quickly enough before a navigation is attempted. A fix was published with a simpler "ignore all cert errors" mode instead deprecated the old override command in favor of a new setIgnoreCertificateErrors command which also exposes the Security domain on the browser target to facilitate applying this override globally for the whole browser.

Conclusion

• Ensure that the following arguments/capabilities are added:
  • --allow-insecure-localhost
  • acceptInsecureCerts
  • --ignore-certificate-errors
• As you are using 'chromedriverVersion': '74.0.3729.6' ensure that you are also using 'chrome': '74.0' (as per ChromeDriver v74.0.3729.6 Release Notes)
• Ensure that you are using the latest released Selenium v3.141.59 clients.