安装证书后python 3.6证书失败答案

【问题标题】：python 3.6 certificate failure after installing certifi安装证书后python 3.6证书失败
【发布时间】：2018-07-04 12:06:49
【问题描述】：

我在 OS X 上运行的 python 3.6 脚本中遇到 SSL 证书故障。据我了解，安装 certifi 模块应该可以消除这些故障，但事实并非如此。这是失败脚本的输出：

Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connectionpool.py", line 601, in urlopen
    chunked=chunked)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connectionpool.py", line 346, in _make_request
    self._validate_conn(conn)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connectionpool.py", line 850, in _validate_conn
    conn.connect()
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connection.py", line 326, in connect
    ssl_context=context)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/util/ssl_.py", line 329, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 407, in wrap_socket
    _context=self, _session=session)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 814, in __init__
    self.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 1068, in do_handshake
    self._sslobj.do_handshake()
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/ssl.py", line 689, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/adapters.py", line 440, in send
    timeout=timeout
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/connectionpool.py", line 639, in urlopen
    _stacktrace=sys.exc_info()[2])
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/urllib3/util/retry.py", line 388, in increment
    raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='34.203.232.192', port=2376): Max retries exceeded with url: /v1.35/containers/json?limit=-1&all=1&size=0&trunc_cmd=0 (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)'),))

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/Users/csimmons/Documents/repos/onedoclily2/server/dlserver/configure/GetDynamoInstance.py", line 137, in <module>
    sys.exit(main())
  File "/Users/csimmons/Documents/repos/onedoclily2/server/dlserver/configure/GetDynamoInstance.py", line 95, in main
    containers = get_containers(client, container_name)
  File "/Users/csimmons/Documents/repos/onedoclily2/server/dlserver/configure/GetDynamoInstance.py", line 30, in get_containers
    all_containers = client.containers.list(all=True)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/docker/models/containers.py", line 895, in list
    since=since)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/docker/api/container.py", line 204, in containers
    res = self._result(self._get(u, params=params), True)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/docker/utils/decorators.py", line 46, in inner
    return f(self, *args, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/docker/api/client.py", line 194, in _get
    return self.get(url, **self._set_request_timeout(kwargs))
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/sessions.py", line 521, in get
    return self.request('GET', url, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/sessions.py", line 508, in request
    resp = self.send(prep, **send_kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/sessions.py", line 618, in send
    r = adapter.send(request, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages/requests/adapters.py", line 506, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='34.203.232.192', port=2376): Max retries exceeded with url: /v1.35/containers/json?limit=-1&all=1&size=0&trunc_cmd=0 (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:833)'),))

我相信这表明已安装 certifi：

$ /Library/Frameworks/Python.framework/Versions/3.6/bin/python3 -m pip install certifi
Requirement already satisfied: certifi in /Library/Frameworks/Python.framework/Versions/3.6/lib/python3.6/site-packages

【问题讨论】：

为了有效，HTTPS 证书必须由受信任的 CA 签名（通常是间接的）（并且没有过期或撤销），并且服务器名称必须与 URL 中的名称匹配。 certifi 中的 CA 证书仅针对其中的第一个。服务器的证书实际上是 34.203.232.192 吗？
@dave_thompson_085 你是对的；问题出在该服务器的证书上。我创建了一个新问题后问题就消失了。

标签： python-3.x ssl-certificate macos-high-sierra

【解决方案1】：

Python无法连接是因为3.6版本以后默认没有安装证书，需要在OSX Macos-highsierra和Macos-Mojave中安装证书，使用如下命令，我猜3.7也是一样的流程：

/Applications/Python\ 3.6/Install\ Certificates.command

检查：https://www.python.org/downloads/release/python-360/

【讨论】：