urllib2报错[SSL:CERTIFICATE_VERIFY_FAILED]

在python中使用urllib2库去访问一个自签名的网站时,会出现如下报错: urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>

出现以上错误的原因是因为python的版本问题,在python2.6(含2.6)以下版本中,在访问HTTPS的网站时,TLS握手期间不会检查服务器X509的证书签名是否是CA的可信任根证书。这种局面在python2.7 3.4 和 3.5版本中得到了修改。

所以,以下代码在python2.6版本中测试是完全没有问题的


import json
import urllib
import urllib2

url='https://www.20150509.cn:1559'

def test():
  
  pre_data = [{"client":"local", "tgt":"*", "fun":"test.ping"}]

  json_data = json.dumps(pre_data)
  
  header = {"Content-Type":"application/json", "Accept":"application/json", "X-Auth-Token":"b91e7uj86g4f97cc**********b92778ujh4kedf"}

  request = urllib2.Request(url, json_data, header)

  response = urllib2.urlopen(request)

  html = response.read()

  print html


if __name__=="__main__":
  test()

运行测试

shell> python sa.py 
{"return": [{"vm3.salt.com": true, "vm2.salt.com": true, "ph1.salt.com": true, "ph2.salt.com": true, "vm1.salt.com": true, "vm4.salt.com": true, "localhost": true, "vm7.salt.com": true}]}


在python2.7+版本就会报上述错误

shell> python sa.py 
Traceback (most recent call last):
  File "sa.py", line 25, in <module>
    test()
  File "sa.py", line 17, in test
    response = urllib2.urlopen(request)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 154, in urlopen
    return opener.open(url, data, timeout)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 431, in open
    response = self._open(req, data)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 449, in _open
    '_open', req)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 409, in _call_chain
    result = func(*args)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1240, in https_open
    context=self._context)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1197, in do_open
    raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>

解决方法:

import json
import urllib
import urllib2
import ssl   #add line 1

ssl._create_default_https_context = ssl._create_unverified_context  #add line 2

url='https://www.20150509.cn:1559'

def test():
  
  pre_data = [{"client":"local", "tgt":"*", "fun":"test.ping"}]

  json_data = json.dumps(pre_data)
  
  header = {"Content-Type":"application/json", "Accept":"application/json", "X-Auth-Token":"b91e7uj86g4f97cc**********b92778ujh4kedf"}

  request = urllib2.Request(url, json_data, header)

  response = urllib2.urlopen(request)

  html = response.read()

  print html


if __name__=="__main__":
  test()


参考文档:

http://https://www.python.org/dev/peps/pep-0476/

推荐阅读更多精彩内容