运行python-socketio客户端和flask-socketio服务器时,我需要PyCharm(macOS Mojave上为2019.1.1)接受我的自签名SSL证书。

我试图通过Preferences/Tools/Server Certificates将自签名证书添加到PyCharm。但是,它不能解决问题。当python-socketio客户端尝试连接到flask-socketio服务器时,它给了我错误。

在客户端,错误是这样抛出的:

Traceback (most recent call last):
  File "message_manager.py", line 218, in run
    namespaces=[self.channel])
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/socketio/client.py", line 262, in connect
    engineio_path=socketio_path)
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/engineio/client.py", line 170, in connect
    url, headers, engineio_path)
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/engineio/client.py", line 308, in _connect_polling
    if self._connect_websocket(url, headers, engineio_path):
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/engineio/client.py", line 346, in _connect_websocket
    cookie=cookies)
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/websocket/_core.py", line 514, in create_connection
    websock.connect(url, **options)
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/websocket/_core.py", line 223, in connect
    options.pop('socket', None))
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/websocket/_http.py", line 126, in connect
    sock = _ssl_socket(sock, options.sslopt, hostname)
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/websocket/_http.py", line 260, in _ssl_socket
    sock = _wrap_sni_socket(sock, sslopt, hostname, check_hostname)
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/websocket/_http.py", line 239, in _wrap_sni_socket
    server_hostname=hostname,
  File "/Users/hqiu/anaconda3/lib/python3.7/ssl.py", line 412, in wrap_socket
    session=session
  File "/Users/hqiu/anaconda3/lib/python3.7/ssl.py", line 853, in _create
    self.do_handshake()
  File "/Users/hqiu/anaconda3/lib/python3.7/ssl.py", line 1117, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1056)


这是服务器端的错误日志:

(82268) accepted ('127.0.0.1', 63087)
8d0d93e8376c44919237c647ceb899b3: Sending packet OPEN data {'sid': '8d0d93e8376c44919237c647ceb899b3', 'upgrades': ['websocket'], 'pingTimeout': 60000, 'pingInterval': 25000}
8d0d93e8376c44919237c647ceb899b3: Sending packet MESSAGE data 0
127.0.0.1 - - [16/Oct/2019 12:44:33] "GET /socket.io/?transport=polling&EIO=3&t=1571238873.310223 HTTP/1.1" 200 349 0.000423
(82268) accepted ('127.0.0.1', 63093)
Traceback (most recent call last):
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/eventlet/hubs/kqueue.py", line 105, in wait
    readers.get(fileno, hub.noop).cb(fileno)
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/eventlet/greenthread.py", line 221, in main
    result = function(*args, **kwargs)
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/eventlet/wsgi.py", line 818, in process_request
    proto.__init__(conn_state, self)
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/eventlet/wsgi.py", line 357, in __init__
    self.handle()
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/eventlet/wsgi.py", line 390, in handle
    self.handle_one_request()
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/eventlet/wsgi.py", line 419, in handle_one_request
    self.raw_requestline = self._read_request_line()
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/eventlet/wsgi.py", line 402, in _read_request_line
    return self.rfile.readline(self.server.url_length_limit)
  File "/Users/hqiu/anaconda3/lib/python3.7/socket.py", line 589, in readinto
    return self._sock.recv_into(b)
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/eventlet/green/ssl.py", line 241, in recv_into
    return self._base_recv(nbytes, flags, into=True, buffer_=buffer)
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/eventlet/green/ssl.py", line 256, in _base_recv
    read = self.read(nbytes, buffer_)
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/eventlet/green/ssl.py", line 176, in read
    super(GreenSSLSocket, self).read, *args, **kwargs)
  File "/Users/hqiu/PycharmProjects/gps_simulator/src/venv/lib/python3.7/site-packages/eventlet/green/ssl.py", line 150, in _call_trampolining
    return func(*a, **kw)
  File "/Users/hqiu/anaconda3/lib/python3.7/ssl.py", line 911, in read
    return self._sslobj.read(len, buffer)
ssl.SSLError: [SSL: TLSV1_ALERT_UNKNOWN_CA] tlsv1 alert unknown ca (_ssl.c:2488)


所以我的问题是,如何在macOS上将自签名证书添加到PyCharm并让Python找到它?

请给我一些想法。

最佳答案

我认为PyCharm无法将SSL证书设置传达给Python。 Socket.IO客户端目前不正式支持自签名证书,但已提出要求。有关客户端中与SSL证书有关的两个问题,请参见thisthis

也就是说,长轮询传输是通过请求包实现的,因此您可以设置REQUESTS_CA_BUNDLE环境变量来告知请求有关您的证书的信息。但是显然,这不适用于WebSocket。

关于python - 如何在PyCharm中添加自签名证书?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/58417165/

10-16 23:20