我正在使用Requests连接到RESTful API.我想要达到的服务器使用自带证书的ssl.
cafile = "gateway.pem"
r = requests.get(request,auth=('admin','password'),verify=cafile)
问题是我得到主机名不匹配的SSLError.
应该有一种方法来禁用主机名检查而不禁用证书验证,就像在许多java实现中一样,但我无法找到如何在python中处理请求.
堆栈跟踪:
Traceback (most recent call last):
File "<pyshell#43>",line 1,in <module>
r = requests.get(request,auth=("admin","password"),verify='gateway.pem')
File "C:\Python27\lib\site-packages\requests-2.0.0-py2.7.egg\requests\api.py",line 55,in get
return request('get',url,**kwargs)
File "C:\Python27\lib\site-packages\requests-2.0.0-py2.7.egg\requests\api.py",line 44,in request
return session.request(method=method,url=url,**kwargs)
File "C:\Python27\lib\site-packages\requests-2.0.0-py2.7.egg\requests\sessions.py",line 357,in request
resp = self.send(prep,**send_kwargs)
File "C:\Python27\lib\site-packages\requests-2.0.0-py2.7.egg\requests\sessions.py",line 460,in send
r = adapter.send(request,**kwargs)
File "C:\Python27\lib\site-packages\requests-2.0.0-py2.7.egg\requests\adapters.py",line 358,in send
raise SSLError(e)
SSLError: hostname '10.76.92.70' doesn't match u'lital.com'
如何才能做到这一点?
解决方法
请求不允许直接,但您可以提供使用基础urllib3功能的自定义传输适配器.请求文档中介绍了传输适配器的用法.
此代码未经过测试,但应该可以使用.
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager
# Never check any hostnames
class HostNameIgnoringAdapter(HTTPAdapter):
def init_poolmanager(self,connections,maxsize,block=False):
self.poolmanager = PoolManager(num_pools=connections,maxsize=maxsize,block=block,assert_hostname=False)
# Check a custom hostname
class CustomHostNameCheckingAdapter(HTTPAdapter):
def cert_verify(self,conn,verify,cert):
# implement me
host = custom_function_mapping_url_to_hostname(url)
conn.assert_hostname = host
return super(CustomHostNameCheckingAdapter,self).cert_verify(conn,cert)
详细说明assert_hostname参数的工作原理如下:如果None使用URL中的主机名,则如果False禁止主机名检查,则自定义字符串将对此字符串进行验证.