urllib2报错[SSL:CERTIFICATE_VERIFY_FAILED]

在python中使用urllib2库去访问一个自签名的网站时,会出现如下报错: urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>

出现以上错误的原因是因为python的版本问题,在python2.6(含2.6)以下版本中,在访问HTTPS的网站时,TLS握手期间不会检查服务器X509的证书签名是否是CA的可信任根证书。这种局面在python2.7 3.4 和 3.5版本中得到了修改。

所以,以下代码在python2.6版本中测试是完全没有问题的

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

import json
import urllib
import urllib2

url='https://www.20150509.cn:1559'

def test():

pre_data = [{"client":"local", "tgt":"*", "fun":"test.ping"}]

json_data = json.dumps(pre_data)

header = {"Content-Type":"application/json", "Accept":"application/json", "X-Auth-Token":"b91e7uj86g4f97cc**********b92778ujh4kedf"}

request = urllib2.Request(url, json_data, header)

response = urllib2.urlopen(request)

html = response.read()

print html


if __name__=="__main__":
test()

运行测试

1
2
shell> python sa.py 
{"return": [{"vm3.salt.com": true, "vm2.salt.com": true, "ph1.salt.com": true, "ph2.salt.com": true, "vm1.salt.com": true, "vm4.salt.com": true, "localhost": true, "vm7.salt.com": true}]}

在python2.7+版本就会报上述错误

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
shell> python sa.py 
Traceback (most recent call last):
File "sa.py", line 25, in <module>
test()
File "sa.py", line 17, in test
response = urllib2.urlopen(request)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 154, in urlopen
return opener.open(url, data, timeout)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 431, in open
response = self._open(req, data)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 449, in _open
'_open', req)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 409, in _call_chain
result = func(*args)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1240, in https_open
context=self._context)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib2.py", line 1197, in do_open
raise URLError(err)
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>

解决方法:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
import json
import urllib
import urllib2
import ssl #add line 1

ssl._create_default_https_context = ssl._create_unverified_context #add line 2

url='https://www.20150509.cn:1559'

def test():

pre_data = [{"client":"local", "tgt":"*", "fun":"test.ping"}]

json_data = json.dumps(pre_data)

header = {"Content-Type":"application/json", "Accept":"application/json", "X-Auth-Token":"b91e7uj86g4f97cc**********b92778ujh4kedf"}

request = urllib2.Request(url, json_data, header)

response = urllib2.urlopen(request)

html = response.read()

print html


if __name__=="__main__":
test()

参考文档:

http://https://www.python.org/dev/peps/pep-0476/