Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Python SSL Requests and Let's Encrypt Certs


I'm struggling at the moment to get the requests library to perform a simple GET request to a site of mine with a Let's Encrypt certificate. All's well with the site and I can access it from Chrome just fine. (I'm running OSX El Capitan at the moment).

First I tried doing a GET request to the site:

>>> import requests >>> requests.get('https://example.com')

This gives me:

requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)

I then tried various things, including getting hold of the Let's Encrypt authority certificate , and the following openssl command verifies my site's certificate successfully:

> openssl s_client -CAfile ./letsencryptauthorityx1.pem -connect example.com:443

The output of which included the following towards the bottom:

... SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: ... Session-ID-ctx: Master-Key: ... Key-Arg : None Start Time: 1452865123 Timeout : 300 (sec) Verify return code: 0 (ok) ---

Perhaps I'm missing something here, but it looks to me as though my site's been verified according to the Let's Encrypt authority certificate I supplied. So, I happily changed my python code to:

>>> requests.get('https://example.com', verify='./letsencryptauthorityx1.pem')

But I still keep getting the requests.exceptions.SSLError error. I've also tried using the DER format of the authority certificate, but then I get the following error from requests :

requests.exceptions.SSLError: unknown error (_ssl.c:2825)

Can anybody perhaps educate me as to how to go about fixing this?

Viewing all articles
Browse latest Browse all 12749