Ram*_*hum 5 python ssl certificate python-requests
我最近获得了我的网站的SSL证书:
https://ram.rachum.com/
它在浏览器中运行良好.但它失败了requests:
>>> import requests
>>> requests.get('https://ram.rachum.com')
Traceback (most recent call last):
File "<pyshell#1>", line 1, in <module>
requests.get('https://ram.rachum.com')
File "C:\Python27\lib\site-packages\requests\api.py", line 55, in get
return request('get', url, **kwargs)
File "C:\Python27\lib\site-packages\requests\api.py", line 44, in request
return session.request(method=method, url=url, **kwargs)
File "C:\Python27\lib\site-packages\requests\sessions.py", line 354, in request
resp = self.send(prep, **send_kwargs)
File "C:\Python27\lib\site-packages\requests\sessions.py", line 460, in send
r = adapter.send(request, **kwargs)
File "C:\Python27\lib\site-packages\requests\adapters.py", line 250, in send
raise SSLError(e)
SSLError: hostname 'ram.rachum.com' doesn't match either of '*.webfaction.com', 'webfaction.com'
为什么?为什么要requests查看webfaction证书而不是我自己的证书,哪个证书有效ram.rachum.com?
您正在使用不支持SNI(服务器名称指示)的请求库,但您在同一IP地址后面有多个SSL证书,这需要SNI.你可以用这个验证openssl s_client.如果没有为SNI命名,服务器只会为此IP提供默认证书,即*.webfaction.com:
openssl s_client -connect ram.rachum.com:443
...
0 ...CN=*.webfaction.com
但是,如果为SNI指定主机名,则返回预期的证书:
openssl s_client -connect ram.rachum.com:443 -servername ram.rachum.com
...
0 ...CN=ram.rachum.com...
也许您需要升级您的请求库和其他模块,请参阅使用TLS请求不提供SNI支持
| 归档时间: |
|
| 查看次数: |
2074 次 |
| 最近记录: |