python - Python 3.6 on Windows: including a custom CA file does not work
Problem description
Adding a custom CA does not work with Python 3.6 (Anaconda) on Windows 10. What I did:
Created 2 environment variables:
SSL_CERT_DIR=C:\_Data\Certs <-- This alone should do the trick
SSL_CERT_FILE=C:\_Data\Certs\burp
I am running Burp on localhost. I exported the CA certificate to c:\_Data\Certs\burp. I tried both PEM and DER; both should work.
My program:
import aiohttp
import ssl
import asyncio
async def main():
    session = aiohttp.ClientSession()
    print(ssl.get_default_verify_paths()) # to verify that my environment variable is working
    f = open('C:\\_Data\\Certs\\burp', 'r') # To check I don't have a permission problem
    f.close()
    aiohttp_proxy = 'http://127.0.0.1:8080'
    async with session.get('https://www.whatismyip.com', proxy=aiohttp_proxy) as response:
        print(await response.text())
    await session.close()
if __name__ == "__main__":
    loop = asyncio.get_event_loop()
    loop.run_until_complete(main())
Output:
DefaultVerifyPaths(cafile='C:\\_Data\\Certs\\burp', capath='C:\\_Data\\Certs', openssl_cafile_env='SSL_CERT_FILE', openssl_cafile='/usr/local/ssl/cert.pem', openssl_capath_env='SSL_CERT_DIR', openssl_capath='/usr/local/ssl/certs')
Traceback (most recent call last):
File "C:\Users\defaultuser\PycharmProjects\testproject\venv\lib\site-packages\aiohttp\connector.py", line 822, in _wrap_create_connection
return await self._loop.create_connection(*args, **kwargs)
File "C:\ProgramData\Anaconda3\Lib\asyncio\base_events.py", line 802, in create_connection
sock, protocol_factory, ssl, server_hostname)
File "C:\ProgramData\Anaconda3\Lib\asyncio\base_events.py", line 828, in _create_connection_transport
yield from waiter
File "C:\ProgramData\Anaconda3\Lib\asyncio\sslproto.py", line 503, in data_received
ssldata, appdata = self._sslpipe.feed_ssldata(data)
File "C:\ProgramData\Anaconda3\Lib\asyncio\sslproto.py", line 201, in feed_ssldata
self._sslobj.do_handshake()
File "C:\ProgramData\Anaconda3\Lib\ssl.py", line 683, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "C:/Users/defaultuser/PycharmProjects/testproject/_test/test_cert.py", line 20, in <module>
loop.run_until_complete(main())
File "C:\ProgramData\Anaconda3\Lib\asyncio\base_events.py", line 466, in run_until_complete
return future.result()
File "C:/Users/defaultuser/PycharmProjects/testproject/_test/test_cert.py", line 14, in main
async with session.get('https://www.whatismyip.com', proxy=aiohttp_proxy) as response:
File "C:\Users\defaultuser\PycharmProjects\testproject\venv\lib\site-packages\aiohttp\client.py", line 843, in __aenter__
self._resp = await self._coro
File "C:\Users\defaultuser\PycharmProjects\testproject\venv\lib\site-packages\aiohttp\client.py", line 366, in _request
timeout=timeout
File "C:\Users\defaultuser\PycharmProjects\testproject\venv\lib\site-packages\aiohttp\connector.py", line 445, in connect
proto = await self._create_connection(req, traces, timeout)
File "C:\Users\defaultuser\PycharmProjects\testproject\venv\lib\site-packages\aiohttp\connector.py", line 754, in _create_connection
req, traces, timeout)
File "C:\Users\defaultuser\PycharmProjects\testproject\venv\lib\site-packages\aiohttp\connector.py", line 960, in _create_proxy_connection
req=req)
File "C:\Users\defaultuser\PycharmProjects\testproject\venv\lib\site-packages\aiohttp\connector.py", line 827, in _wrap_create_connection
raise ClientConnectorSSLError(req.connection_key, exc) from exc
aiohttp.client_exceptions.ClientConnectorSSLError: Cannot connect to host www.whatismyip.com:443 ssl:None [[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)]
Unclosed client session
client_session: <aiohttp.client.ClientSession object at 0x000001C3E504F278>
Process finished with exit code 1
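I double-checked that the CA file is correct by opening it and verifying that it matches the CA details shown when I point a regular browser at the proxy running on localhost and visit an HTTPS website.
Why doesn't it work?
Solution
Reinstalled Anaconda, updated PyCharm, regenerated the CA in Burp and restarted, and now it works. I don't know what the cause was.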
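An added example, not part of the original question or answer: instead of relying on SSL_CERT_FILE / SSL_CERT_DIR, load the exported proxy CA into an explicit SSLContext, confirm it was loaded, and pass that context to aiohttp. The function names are hypothetical, and the `ssl=` argument on `session.get` assumes aiohttp 3.x; certificate verification stays enabled throughout.

```python
import ssl
from pathlib import Path

PEM_MARKER = b"-----BEGIN CERTIFICATE-----"


def sniff_cert_format(data: bytes) -> str:
    """Classify exported certificate bytes as 'pem', 'der' or 'unknown'."""
    if PEM_MARKER in data:
        return "pem"
    # A DER certificate is an ASN.1 SEQUENCE: tag 0x30 followed by a
    # long-form length (0x82 = two length bytes, the usual case for a cert).
    if data[:2] == b"\x30\x82":
        return "der"
    return "unknown"


def context_with_ca(ca_bytes: bytes) -> ssl.SSLContext:
    """Default client context (verification stays on) plus one extra CA."""
    fmt = sniff_cert_format(ca_bytes)
    if fmt == "unknown":
        raise ValueError("file is neither a PEM nor a DER certificate")
    ctx = ssl.create_default_context()
    # cadata accepts PEM as str and DER as bytes. cafile= (and therefore
    # SSL_CERT_FILE) is read as PEM only.
    ctx.load_verify_locations(
        cadata=ca_bytes.decode("ascii") if fmt == "pem" else ca_bytes)
    return ctx


def loaded_ca_subjects(ctx: ssl.SSLContext) -> list:
    """commonName of every CA in the context, to confirm the load worked."""
    names = []
    for cert in ctx.get_ca_certs():
        subject = dict(rdn[0] for rdn in cert["subject"])
        names.append(subject.get("commonName", "<no CN>"))
    return names


async def fetch_via_proxy(url: str, proxy: str, ca_path: str) -> str:
    import aiohttp  # imported lazily so the helpers above need only the stdlib
    ctx = context_with_ca(Path(ca_path).read_bytes())
    print("trusted CAs:", loaded_ca_subjects(ctx))
    async with aiohttp.ClientSession() as session:
        async with session.get(url, proxy=proxy, ssl=ctx) as response:
            return await response.text()

# Usage with the values from the question:
# fetch_via_proxy('https://www.whatismyip.com', 'http://127.0.0.1:8080', 'C:\\_Data\\Certs\\burp')
```

If the CA exported from the proxy does not appear in the printed list, the handshake will fail with CERTIFICATE_VERIFY_FAILED regardless of the environment variables.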