【发布时间】:2016-08-22 03:40:26
【问题描述】:
我在 * 中多次阅读过这个错误,但其中没有一个对我有用。
OSX El Capitan 10.11.3、Python 2.7.10、OpenSSL 0.9.8zg
- pip 已更新为最新版本
- openssl 随 brew 一起安装
-
按照推荐的here运行以下片段:
env ARCHFLAGS="-arch x86_64" LDFLAGS="-L/usr/local/opt/openssl/lib" CFLAGS="-I/usr/local/opt/openssl/include" pip install requests[security] urllib3
当我在 python 上运行以下 4 行时,我仍然收到以下错误消息:
>>> import requests
>>> s = requests.Session()
>>> url = "https://www.tastekid.com/api/similar?q=pulp+fiction"
>>> requests.get(url)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/Library/Python/2.7/site-packages/requests/api.py", line 67, in get
return request('get', url, params=params, **kwargs)
File "/Library/Python/2.7/site-packages/requests/api.py", line 53, in request
return session.request(method=method, url=url, **kwargs)
File "/Library/Python/2.7/site-packages/requests/sessions.py", line 468, in request
resp = self.send(prep, **send_kwargs)
File "/Library/Python/2.7/site-packages/requests/sessions.py", line 576, in send
r = adapter.send(request, **kwargs)
File "/Library/Python/2.7/site-packages/requests/adapters.py", line 447, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'SSL23_GET_SERVER_HELLO', 'sslv3 alert handshake failure')],)",)
可能是密码错误?我还尝试使用以下代码安装密码模块,但失败:
$ env ARCHFLAGS="-arch x86_64" LDFLAGS="-L/usr/local/opt/openssl/lib" CFLAGS="-I/usr/local/opt/openssl/include" pip install cryptography
Collecting cryptography
Using cached cryptography-1.3.1-cp27-cp27m-macosx_10_10_intel.whl
Collecting setuptools>=11.3 (from cryptography)
Using cached setuptools-20.10.1-py2.py3-none-any.whl
Requirement already satisfied (use --upgrade to upgrade): enum34 in /Library/Python/2.7/site-packages (from cryptography)
Collecting ipaddress (from cryptography)
Using cached ipaddress-1.0.16-py27-none-any.whl
Requirement already satisfied (use --upgrade to upgrade): pyasn1>=0.1.8 in /Library/Python/2.7/site-packages (from cryptography)
Requirement already satisfied (use --upgrade to upgrade): six>=1.4.1 in /System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python (from cryptography)
Collecting idna>=2.0 (from cryptography)
Using cached idna-2.1-py2.py3-none-any.whl
Requirement already satisfied (use --upgrade to upgrade): cffi>=1.4.1 in /Library/Python/2.7/site-packages (from cryptography)
Requirement already satisfied (use --upgrade to upgrade): pycparser in /Library/Python/2.7/site-packages (from cffi>=1.4.1->cryptography)
Installing collected packages: setuptools, ipaddress, idna, cryptography
Found existing installation: setuptools 1.1.6
Uninstalling setuptools-1.1.6:
Exception:
Traceback (most recent call last):
File "/Library/Python/2.7/site-packages/pip/basecommand.py", line 209, in main
status = self.run(options, args)
File "/Library/Python/2.7/site-packages/pip/commands/install.py", line 317, in run
prefix=options.prefix_path,
File "/Library/Python/2.7/site-packages/pip/req/req_set.py", line 726, in install
requirement.uninstall(auto_confirm=True)
File "/Library/Python/2.7/site-packages/pip/req/req_install.py", line 746, in uninstall
paths_to_remove.remove(auto_confirm)
File "/Library/Python/2.7/site-packages/pip/req/req_uninstall.py", line 115, in remove
renames(path, new_path)
File "/Library/Python/2.7/site-packages/pip/utils/__init__.py", line 267, in renames
shutil.move(old, new)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 299, in move
copytree(src, real_dst, symlinks=True)
File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 208, in copytree
raise Error, errors
Error: [('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.py', '/var/folders/d9/75cfznt17cjc124j3stq3qc40000gn/T/pip-sbS3mg-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.py', "[Errno 1] Operation not permitted: '/var/folders/d9/75cfznt17cjc124j3stq3qc40000gn/T/pip-sbS3mg-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.pyc', '/var/folders/d9/75cfznt17cjc124j3stq3qc40000gn/T/pip-sbS3mg-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.pyc', "[Errno 1] Operation not permitted: '/var/folders/d9/75cfznt17cjc124j3stq3qc40000gn/T/pip-sbS3mg-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/__init__.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.py', '/var/folders/d9/75cfznt17cjc124j3stq3qc40000gn/T/pip-sbS3mg-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.py', "[Errno 1] Operation not permitted: '/var/folders/d9/75cfznt17cjc124j3stq3qc40000gn/T/pip-sbS3mg-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.pyc', '/var/folders/d9/75cfznt17cjc124j3stq3qc40000gn/T/pip-sbS3mg-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.pyc', "[Errno 1] Operation not permitted: '/var/folders/d9/75cfznt17cjc124j3stq3qc40000gn/T/pip-sbS3mg-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib/markers.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib', '/var/folders/d9/75cfznt17cjc124j3stq3qc40000gn/T/pip-sbS3mg-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib', "[Errno 1] Operation not permitted: '/var/folders/d9/75cfznt17cjc124j3stq3qc40000gn/T/pip-sbS3mg-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/_markerlib'")]
编辑:
我现在将我的 OpenSSL 升级到 1.0.2。仍然收到相同的错误。这是带有“ECDHE”的密码列表(显然站点服务器支持这些密码):
$ openssl ciphers -v 'ECDHE'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384
ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-ECDSA-AES256-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256
ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
ECDHE-ECDSA-AES128-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1
ECDHE-RSA-RC4-SHA SSLv3 Kx=ECDH Au=RSA Enc=RC4(128) Mac=SHA1
ECDHE-ECDSA-RC4-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=RC4(128) Mac=SHA1
ECDHE-RSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=RSA Enc=3DES(168) Mac=SHA1
ECDHE-ECDSA-DES-CBC3-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=3DES(168) Mac=SHA1
ECDHE-RSA-NULL-SHA SSLv3 Kx=ECDH Au=RSA Enc=None Mac=SHA1
ECDHE-ECDSA-NULL-SHA SSLv3 Kx=ECDH Au=ECDSA Enc=None Mac=SHA1
【问题讨论】:
-
该问题通常是 SNI 支持,并且是已解决的 OSX 已知问题。请参阅问题here - 在评论中总结太长了。
-
您也可以尝试在您的
GET请求中将verify = False作为参数传递。这将放弃 SSL 验证过程,并可能缓解一些问题。 -
@AkshatMahajan:握手错误不是由验证问题引起的,因此禁用验证将无济于事。
-
@AkshatMahajan - 请不要提供这样的建议。另见The most dangerous code in the world: validating SSL certificates in non-browser software。
-
@AkshatMahajan 是的,我检查了该链接(实际上它也在我的帖子中)但是我已经尝试了该线程中提供的所有解决方案,但没有一个对我有用。唯一存在但我无法应用的解决方案是加密安装,但我不确定该安装是否有帮助。
标签: python ssl openssl handshake