Python请求模块中的SSLError模块

Question

我想从我的客户端使用从server生成的证书向服务器进行身份验证。我有一个server-ca.crt，下面是正在工作的CURL命令。如何使用发送类似请求python请求模块。

$ curl -X GET -u sat_username:sat_password \ 
-H "Accept:application/json" --cacert katello-server-ca.crt \ 
https://satellite6.example.com/katello/api/organizations 

我试过下面的方法，它得到一些例外，有人可以帮助解决这个问题。

python requestsCert.py 
Traceback (most recent call last): 
    File "requestsCert.py", line 2, in <module> 
    res=requests.get('https://satellite6.example.com/katello/api/organizations', cert='/certificateTests/katello-server-ca.crt', verify=True) 
    File "/usr/lib/python2.7/site-packages/requests/api.py", line 68, in get 
    return request('get', url, **kwargs) 
    File "/usr/lib/python2.7/site-packages/requests/api.py", line 50, in request 
    response = session.request(method=method, url=url, **kwargs) 
    File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 464, in request 
    resp = self.send(prep, **send_kwargs) 
    File "/usr/lib/python2.7/site-packages/requests/sessions.py", line 576, in send 
    r = adapter.send(request, **kwargs) 
    File "/usr/lib/python2.7/site-packages/requests/adapters.py", line 431, in send 
    raise SSLError(e, request=request) 
requests.exceptions.SSLError: [SSL] PEM lib (_ssl.c:2554) 

Answer 1

res=requests.get('https://...', cert='/certificateTests/katello-server-ca.crt', verify=True) 

的cert论点requests.get用于指定应该用于相互认证的客户端证书和密钥。它不用于指定受信任的CA，因为curl中的--cacert参数确实如此。相反，你应该使用verify参数：

res=requests.get('https://...', verify='/certificateTests/katello-server-ca.crt') 

欲了解更多信息，请参阅SSL Cert Verification和Client Side Certificates文档中的requests。