【错误】:
IOError: [Errno socket error] [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590):
File "slpi_proc/tools/build/scons/build/start.scons", line 48:
ENV.Tool('ComSConstruct', toolpath = ['${BUILD_ROOT}/tools/build/scons/build'])
File "slpi_proc/tools/build/scons/SCons/Environment.py", line 1692:
tool(self)
File "slpi_proc/tools/build/scons/SCons/Tool/__init__.py", line 180:
self.generate(env, *args, **kw)
File "slpi_proc/tools/build/scons/build/ComSConstruct.py", line 64:
env.LoadImageUnits(env.get('IMAGE_ROOT_DIR_PATTERNS'))
File "slpi_proc/tools/build/scons/SCons/Environment.py", line 222:
return self.method(*nargs, **kwargs)
File "slpi_proc/tools/build/scons/scripts/utils.py", line 1908:
load_sub_scripts(env, dir_patterns, script_name_patterns, "image", clone_env=True)
File "slpi_proc/tools/build/scons/scripts/utils.py", line 2405:
node.load_scripts(script_list, script_type, clone_env=clone_env, mark_time=True)
File "slpi_proc/tools/build/scons/scripts/utils.py", line 2480:
env.SConscript(script, exports='env')
File "slpi_proc/tools/build/scons/SCons/Script/SConscript.py", line 551:
return _SConscript(self.fs, *files, **subst_kw)
File "slpi_proc/tools/build/scons/SCons/Script/SConscript.py", line 260:
exec _file_ in call_stack[-1].globals
File "slpi_proc/config/bsp/ssc_slpi_user/build/ssc_slpi_user.scons", line 307:
au_items = env.LoadAreaSoftwareUnits('ssc_api')
File "slpi_proc/tools/build/scons/SCons/Environment.py", line 222:
return self.method(*nargs, **kwargs)
File "slpi_proc/tools/build/scons/scripts/utils.py", line 2342:
env.SConscript(au_root_script, exports='env')
File "slpi_proc/tools/build/scons/SCons/Script/SConscript.py", line 551:
return _SConscript(self.fs, *files, **subst_kw)
File "slpi_proc/tools/build/scons/SCons/Script/SConscript.py", line 260:
exec _file_ in call_stack[-1].globals
File "slpi_proc/ssc_api/build/ssc_api.scons", line 185:
npd.get_nanopb(MY_ROOT, env.subst('${BUILD_ROOT}'))
File "slpi_proc/ssc_api/build/npd.py", line 35:
pbfile.retrieve(linux_nanopb_link, linux_nanopb_tar_file)
File "/usr/lib/python2.7/urllib.py", line 248:
fp = self.open(url, data)
File "/usr/lib/python2.7/urllib.py", line 216:
return getattr(self, name)(url)
File "/usr/lib/python2.7/urllib.py", line 446:
h.endheaders(data)
File "/usr/lib/python2.7/httplib.py", line 1099:
self._send_output(message_body)
File "/usr/lib/python2.7/httplib.py", line 913:
self.send(msg)
File "/usr/lib/python2.7/httplib.py", line 875:
self.connect()
File "/usr/lib/python2.7/httplib.py", line 1324:
server_hostname=server_hostname)
File "/usr/lib/python2.7/ssl.py", line 353:
_context=self)
File "/usr/lib/python2.7/ssl.py", line 601:
self.do_handshake()
File "/usr/lib/python2.7/ssl.py", line 830:
self._sslobj.do_handshake()
报错问题原因就是证书认证失败。
【原因】:
python2.7.9以后,默认开启了服务器证书验证功能。如果证书校验不通过,则拒绝后续操作;目的是可以防止中间人攻击,并使客户端确保服务器确实是它声称的身份。如果是自签名证书,由于一般系统的CA证书中不存在自签名的CA证书内容,从而导致证书验证不通过。
【解决方案】:
1、通过环境部变量设置,关闭服务器证书验证功能
执行以下shell命令:
echo "export PYTHONHTTPSVERIFY=0" >> ~/.bashrc
source ~/.bashrc
2、取消服务器证书验证功能(全局影响)
在文件开始部分,加入如下代码:
import ssl
ssl._create_default_https_context = ssl._create_unverified_context
3、创建取消服务器证书验证的context参数(当前请求代码影响)
使用示例如下:
import ssl
context = ssl._create_unverified_context()
urllib.urlopen('https://www.baidu.com', context=context)
4、requests verify 参数设置为False,取消验证功能
使用示例如下:
requests.get(url, verify=False)
5、手动指定CA证书(Python3)
使用示例如下:
import urllib
urllib.request.urlopen("https://example.com/some/info", cafile="ca.pem")
当系统根证书存在问题的时候,可以使用 certifi提供的CA证书:
import certifi
import urllib
urllib.request.urlopen('https://example.com/bar/baz.html', cafile=certifi.where())