Python请求模块中的SSLError

Question

我想使用服务器生成的证书从我的客户端对服务器进行身份验证，我有一个服务器-ca.crt和下面的CURL命令，即working.How使用python请求模块发送类似的请求。

$ curl -X GET -u sat_username:sat_password \
-H "Accept:application/json" --cacert katello-server-ca.crt \
https://satellite6.example.com/katello/api/organizations

我已经尝试过这样做了，它得到了一些例外，谁能帮助解决这个问题。

 python requestsCert.py
Traceback (most recent call last):
  File "requestsCert.py", line 2, in <module>
    res=requests.get('https://satellite6.example.com/katello/api/organizations', cert='/certificateTests/katello-server-ca.crt', verify=True)
  File "/usr/lib/python2.7/site-packages/requests/api.py", line 68, in get
    return request('get', url, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/api.py", line 50, in request
    response = session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 464, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 576, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 431, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [SSL] PEM lib (_ssl.c:2554)

Answer 1

res=requests.get('https://...', cert='/certificateTests/katello-server-ca.crt', verify=True)

cert参数用于指定用于相互身份验证的客户端证书和密钥。它不像用curl表示的--cacert参数那样指定可信的CA。相反，您应该使用verify参数：

res=requests.get('https://...', verify='/certificateTests/katello-server-ca.crt')

有关更多信息，请参见SSL证书验证和requests文档中的客户端证书。