问题描述

我使用自签名证书进行调试.

I'm using a self-signed cert for debug purpose.

$ cp hbrls-server.cert /usr/local/share/ca-certificates/
$ update-ca-certificates

之后，我可以在/etc/ssl/certs/中看到hbrls-server.pem.但是 requests 仍然会引发 SSLError.

After that, I can see hbrls-server.pem in /etc/ssl/certs/. But requests still raises the SSLError.

如果我像这样指定证书:requests.get('https://blabla', verify='/etc/ssl/certs/hbrls-server.pem')，它将没事.

If I specify the cert like this: requests.get('https://blabla', verify='/etc/ssl/certs/hbrls-server.pem'), it will be OK.

并且 python -m requests.certs 返回 /usr/local/lib/python2.7/dist-packages/certifi/cacert.pem.

我如何发出 requests 以使用系统上的证书.我正在处理 dockerize 某事，并且不希望在我的代码中看到 verify=path-to-cert.

How can I make requests to use the certs on the system. I'm working on dockerize sth, and would not like to see that verify=path-to-cert in my code.

ubuntu 12.04，python 2.7.3，请求 2.7.0

ubuntu 12.04, python 2.7.3, requests 2.7.0

推荐答案

您可以设置环境变量REQUESTS_CA_BUNDLE，这样您就不必修改您的代码:

You can set the environment variable REQUESTS_CA_BUNDLE so you don't have to modify your code:

export REQUESTS_CA_BUNDLE=/usr/local/share/ca-certificates/hbrls-server.cert

来源:https://requests.readthedocs.io/en/master/user/advanced/#ssl-cert-verification

这篇关于如何强制请求使用我的 ubuntu 系统上的证书的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！