zeep requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)答案

【问题标题】：zeep requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)zeep requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)
【发布时间】：2017-03-23 13:26:47
【问题描述】：

我尝试在 zeep lib for python 的帮助下创建 SOAP 客户端

import os
from zeep import Client
from zeep.wsse.signature import Signature

key_filename = "/etc/ssl/certs/cert.key.pem"
cert_filename = "/etc/ssl/certs/cert.crt.pem"

client = Client('https://37.230.149.6:10004/emias-soap-service/PGUServicesInfo2?wsdl', wsse=Signature(key_filename, cert_filename))

还有这个例外：

Traceback (most recent call last):
  File "/home/max/bot_project/Bots_Django/TelegramBot/bot/simple_soap_client.py", line 19, in <module>
    wsse=Signature(key_filename, cert_filename))
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/zeep/client.py", line 120, in __init__
    self.wsdl = Document(wsdl, self.transport, strict=strict)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/zeep/wsdl/wsdl.py", line 76, in __init__
    document = self._get_xml_document(location)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/zeep/wsdl/wsdl.py", line 137, in _get_xml_document
    location, self.transport, self.location, strict=self.strict)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/zeep/loader.py", line 66, in load_external
    content = transport.load(url)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/zeep/transports.py", line 111, in load
    content = self._load_remote_data(url)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/zeep/transports.py", line 126, in _load_remote_data
    response = self.session.get(url, timeout=self.load_timeout)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 501, in get
    return self.request('GET', url, **kwargs)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 488, in request
    resp = self.send(prep, **send_kwargs)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 609, in send
    r = adapter.send(request, **kwargs)
  File "/home/max/bot_project/Bots_Django/venv/local/lib/python2.7/site-packages/requests/adapters.py", line 497, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'ssl3_get_server_certificate', 'certificate verify failed')],)",)

如何修复此异常以及我的代码有什么问题？

【问题讨论】：

标签： python ssl openssl python-requests zeep

【解决方案1】：

将Session 对象显式传递给您的zeep Client（通过Transport 对象）并设置verify=False

这是一个例子：

from requests import Session
from zeep import Client
from zeep.transports import Transport
from zeep.wsse.signature import Signature

import os

key_filename = "/etc/ssl/certs/cert.key.pem"
cert_filename = "/etc/ssl/certs/cert.crt.pem"

session = Session()
session.verify = False

client = Client(
    'https://37.230.149.6:10004/emias-soap-service/PGUServicesInfo2?wsdl',
    wsse=Signature(key_filename, cert_filename),
    transport=Transport(session=session)
)

另外，您也应该这样做，将session.verify 设置为 CA 授权证书（安装在您的服务器 ROOT 和 SUB 证书上的证书的颁发者），例如：

session.verify = "/path/to/ca_cert.pem"

如果证书的颁发者与ca_cert.pem中的颁发者相同，这基本上会告诉您的python脚本信任该URL

【讨论】：

【解决方案2】：

这对我有用-

session.verify = False

【讨论】：

这给出了错误：未定义名称“会话”。您可以为您的解决方案添加会话导入吗？
@Sankalp 请同时提及session 变量的来源。这是一个不完整的答案。

【解决方案3】：

我认为你需要使用 verify=False

【讨论】：