SSL certificate verification fails in Python 3.6/3.7

Question

I am running the following code in Python 3.6 to connect to the storage.

[root@controller wuwy]# python3
Python 3.6.8 (default, Jan 11 2019, 02:17:16)
[GCC 8.2.1 20180905 (Red Hat 8.2.1-3)] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import pywbem
>>> ip = '193.168.11.113'
>>> user = '193_160_28_29'
>>> password = '193_160_28_29'
>>> url = 'https://193.168.11.113:5989'
>>> ca_certs = '/home/ca.cer'
>>> conn = pywbem.WBEMConnection(url,(user, password),default_namespace='root/example',ca_certs=ca_certs,no_verification=False)
>>> conn.EnumerateInstances('EXAMPLE_StorageProduct')

I get the following error.

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python3.6/site-packages/pywbem/cim_operations.py", line 1919, in EnumerateInstances
    **extra)
  File "/usr/local/lib/python3.6/site-packages/pywbem/cim_operations.py", line 1232, in _imethodcall
    conn_id=self.conn_id)
  File "/usr/local/lib/python3.6/site-packages/pywbem/cim_http.py", line 776, in wbem_request
    client.endheaders()
  File "/usr/lib64/python3.6/http/client.py", line 1234, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/lib64/python3.6/http/client.py", line 1026, in _send_output
    self.send(msg)
  File "/usr/local/lib/python3.6/site-packages/pywbem/cim_http.py", line 461, in send
    self.connect()  # pylint: disable=no-member
  File "/usr/local/lib/python3.6/site-packages/pywbem/cim_http.py", line 619, in connect
    return self.sock.connect((self.host, self.port))
  File "/usr/lib64/python3.6/ssl.py", line 1064, in connect
    self._real_connect(addr, False)
  File "/usr/lib64/python3.6/ssl.py", line 1055, in _real_connect
    self.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 1032, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib64/python3.6/ssl.py", line 648, in do_handshake
    raise ValueError("check_hostname needs server_hostname "
ValueError: check_hostname needs server_hostname argument

When I run the same code in Python 3.7, the error changes.

Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/python3/lib/python3.7/site-packages/pywbem/_cim_operations.py", line 2494, in EnumerateInstances
    **extra)
  File "/usr/python3/lib/python3.7/site-packages/pywbem/_cim_operations.py", line 1763, in _imethodcall
    conn_id=self.conn_id)
  File "/usr/python3/lib/python3.7/site-packages/pywbem/_cim_http.py", line 824, in wbem_request
    client.endheaders()
  File "/usr/python3/lib/python3.7/http/client.py", line 1224, in endheaders
    self._send_output(message_body, encode_chunked=encode_chunked)
  File "/usr/python3/lib/python3.7/http/client.py", line 1016, in _send_output
    self.send(msg)
  File "/usr/python3/lib/python3.7/site-packages/pywbem/_cim_http.py", line 483, in send
    self.connect()  # pylint: disable=no-member
  File "/usr/python3/lib/python3.7/site-packages/pywbem/_cim_http.py", line 661, in connect
    conn_id=conn_id)
pywbem._exceptions.ConnectionError: SSL error <class 'ssl.SSLCertVerificationError'>: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: IP address mismatch, certificate is not valid for '193.168.11.113'. (_ssl.c:1045); OpenSSL version: OpenSSL 1.1.1c FIPS  28 May 2019

This code works on Python 2.7.

I checked the certificate's CN and SAN, and there seems to be no problem there.

So can anyone tell me what is wrong here?

Tags: python-3.x, ssl-certificate

Answer


I just ran into a similar problem today with Python 3.7, but using Pika instead of PyWBEM; this may help:

It seems that Python 3.7 uses OpenSSL's hostname verification algorithm. In my case, the certificate used in my client was not valid for the IP (I had specified the server IP rather than the client IP that the client certificate is stored for). I used Pika, with an example based on tls_example.py: https://pika.readthedocs.io/en/stable/examples/tls_mutual_authentication.html

I had something like this:

import ssl
import pika

context = ssl.create_default_context(
    cafile="PIKA_DIR/testdata/certs/ca_certificate.pem")
context.load_cert_chain("PIKA_DIR/testdata/certs/client_certificate.pem",
                        "PIKA_DIR/testdata/certs/client_key.pem")

# The host passed to SSLOptions is the name the server certificate is checked against.
ssl_options = pika.SSLOptions(context, '192.168.122.122')
conn_params = pika.ConnectionParameters(host='192.168.122.122',
                                        port=5671,
                                        ssl_options=ssl_options)

As I said, I had to replace the host in pika.SSLOptions with localhost, which is what I have the client certificate for:

ssl_options = pika.SSLOptions(context, "localhost")

If you have a similar problem, I would check your setup. This helped me find the solution: https://bugs.python.org/issue34440
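The answer above points at the real change: from Python 3.7 the name check is done by OpenSSL, and under those rules a target that is an IP address is matched only against SAN iPAddress entries, while a host name is matched against SAN dNSName entries with the CN consulted only when the certificate has no dNSName at all. "CN and SAN look fine" is therefore not enough; what matters is whether the exact string handed to the client library (here `193.168.11.113`) appears as the right kind of entry. The checker below is an added example, not code from the question, the answer, pywbem or pika. It works on certificate dicts in the shape `ssl.SSLSocket.getpeercert()` returns; the two certificates are constructed test data, and the matching is a simplified model of OpenSSL's `X509_check_host()`/`X509_check_ip()` (assumed: a wildcard only as the whole leftmost label, matching exactly one label, with at least two labels after it).

```python
"""Which connect targets is a server certificate valid for under Python 3.7+ rules?

Added example, not code from the thread, pywbem or pika.  Certificate dicts are
constructed test data in ssl.SSLSocket.getpeercert() shape; the matching is a
simplified model of OpenSSL's X509_check_host()/X509_check_ip() (assumption:
whole-label leftmost wildcards only, no partial or multi-label wildcards)."""
import ipaddress
import socket
import ssl


def _san_entries(cert, kind):
    """Values of subjectAltName entries of one kind ('DNS' or 'IP Address')."""
    return [value for label, value in cert.get("subjectAltName", ()) if label == kind]


def _common_names(cert):
    """All commonName values from the subject RDN sequence."""
    return [value for rdn in cert.get("subject", ()) for attr, value in rdn
            if attr == "commonName"]


def _dns_match(pattern, hostname):
    """Case-insensitive dNSName match; '*' only as the whole leftmost label,
    at least two labels after it, and it matches exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p == h
    if p[0] != "*" or len(p) < 3 or any("*" in label for label in p[1:]):
        return False
    return len(h) == len(p) and h[0] != "" and h[1:] == p[1:]


def cert_matches(cert, target):
    """Return (ok, reason) for connecting to `target` (the host string handed to
    the client library) with a peer presenting `cert`."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None

    if ip is not None:
        # IP targets are matched only against SAN iPAddress entries.  A CN or a
        # dNSName holding the same digits is ignored; that is the
        # "IP address mismatch" the question hit on Python 3.7.
        san_ips = []
        for value in _san_entries(cert, "IP Address"):
            try:
                san_ips.append(ipaddress.ip_address(value))
            except ValueError:
                pass  # malformed entry, skip it
        if ip in san_ips:
            return True, "SAN iPAddress matches %s" % ip
        return False, "IP address mismatch: no SAN iPAddress for %s" % ip

    dns_names = _san_entries(cert, "DNS")
    for pattern in dns_names:
        if _dns_match(pattern, target):
            return True, "SAN dNSName %r matches %s" % (pattern, target)
    if dns_names:
        # Once any dNSName exists the CN is not consulted at all.
        return False, "hostname mismatch: %r do not match %s" % (dns_names, target)
    for cn in _common_names(cert):
        if _dns_match(cn, target):
            return True, "no dNSName SAN; CN %r matches %s" % (cn, target)
    return False, "hostname mismatch: no dNSName SAN and CN does not match %s" % target


def names_valid_for(cert):
    """Connect targets that would pass: SAN DNS and IP entries; CN only as a
    fallback for host-name targets (an IP in the CN never counts)."""
    dns_names = _san_entries(cert, "DNS")
    names = dns_names + _san_entries(cert, "IP Address")
    if not dns_names:
        for cn in _common_names(cert):
            try:
                ipaddress.ip_address(cn)
            except ValueError:
                names.append(cn)
    return names


def fetch_peer_cert(host, port, cafile):
    """Fetch the chain-verified peer cert without the hostname check, so its
    SAN/CN can be inspected before choosing which name to connect with."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # chain is still verified (CERT_REQUIRED)
    with socket.create_connection((host, port)) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert()


# Constructed certificates (not real ones), in getpeercert() shape.
CERT_CN_ONLY = {  # the IP sits in the CN and there is no SAN
    "subject": ((("commonName", "193.168.11.113"),),),
}
CERT_WITH_SAN = {
    "subject": ((("commonName", "storage.example.internal"),),),
    "subjectAltName": (("DNS", "storage.example.internal"),
                       ("DNS", "*.storage.example.internal"),
                       ("IP Address", "193.168.11.113")),
}

if __name__ == "__main__":
    for name, cert in (("CN-only", CERT_CN_ONLY), ("with SAN", CERT_WITH_SAN)):
        print(name, "is valid for:", names_valid_for(cert))
        for target in ("193.168.11.113", "node1.storage.example.internal"):
            print("  ", target, "->", cert_matches(cert, target))
```

Running it shows the CN-only certificate is valid for nothing when the target is an IP, while the SAN certificate accepts both the IP and a one-level wildcard match. The practical fix is one of two things: connect using a name the certificate actually carries (as the answer did with `localhost`), or reissue the server certificate with an `IP Address` SAN for the address you connect to. Disabling verification (`no_verification=True` in pywbem, `check_hostname = False` without a reason) hides the error but leaves the connection open to an active attacker with any certificate the CA would sign.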

