1. 首页
  2. 问答
  3. pychef中的ssl证书验证

pychef中的ssl证书验证

2015-09-18 42 views
1

我正在尝试使用python连接到厨师api。我使用pychef从python连接到厨师。pychef中的ssl证书验证

以下是代码:

import chef 
with chef.ChefAPI('https://chef-e.xxxx.com:443/organizations/xxxx', '/root/.chef/rajgourav.pem', 'rajgourav'): 
    n = chef.Node('chef-e.xxxx.com')

我得到以下证书错误:

[[email protected] py]# /appl/python27/bin/python mychef.py 
Traceback (most recent call last): 
File "mychef.py", line 6, in <module> 
n = chef.Node('chef-e.xxxx.com') 
File "/appl/python27/lib/python2.7/site-packages/chef/base.py", line 58, in __init__ 
data = self.api[self.url] 
File "/appl/python27/lib/python2.7/site-packages/chef/api.py", line 229, in __getitem__ 
return self.api_request('GET', path) 
File "/appl/python27/lib/python2.7/site-packages/chef/api.py", line 225, in api_request 
response = self.request(method, path, headers, data) 
File "/appl/python27/lib/python2.7/site-packages/chef/api.py", line 208, in request 
response = self._request(method, self.url+path, data, dict((k.capitalize(), v) for k, v in request_headers.iteritems())) 
File "/appl/python27/lib/python2.7/site-packages/chef/api.py", line 195, in _request 
return urllib2.urlopen(request).read() 
File "/appl/python27/lib/python2.7/urllib2.py", line 154, in urlopen 
return opener.open(url, data, timeout) 
File "/appl/python27/lib/python2.7/urllib2.py", line 431, in open 
response = self._open(req, data) 
File "/appl/python27/lib/python2.7/urllib2.py", line 449, in _open 
'_open', req) 
File "/appl/python27/lib/python2.7/urllib2.py", line 409, in _call_chain 
result = func(*args) 
File "/appl/python27/lib/python2.7/urllib2.py", line 1240, in https_open 
context=self._context) 
File "/appl/python27/lib/python2.7/urllib2.py", line 1197, in do_open 
raise URLError(err) 
urllib2.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)>

能否请你帮我解决SSL证书错误。我知道我必须接受证书并将其添加到可信证书列表中,但不知道如何在python中执行此操作。

P.S.我能够在没有任何问题的情况下使用刀。

我尝试使用ssl_verify PARAM但我得到错误:从api.py

TypeError: __init__() got an unexpected keyword argument 'ssl_verify' 


def __init__(self, url, key, client, version='0.10.8', headers={}):

我的ENV一些信息:

[[email protected] py]# /appl/python27/bin/python 
Python 2.7.10 (default, Aug 8 2015, 06:25:19) 
[GCC 4.4.7 20120313 (Red Hat 4.4.7-16)] on linux2 
Type "help", "copyright", "credits" or "license" for more information. 
>>> import chef 
>>> chef.__version__ 
(0, 2, 3, 'dev') 
>>>

谢谢, Rajgourav Jain

来源

2015-09-18 Rajgourav Jain

+0

我也更新了我的答案,以反映您的修改。 – StephenKing

回答

2

__init__ method of ChefAPI具有以下特征:

def __init__(self, url, key, client, version='0.10.8', headers={}, ssl_verify=True):

所以,很显然,你必须在参数ssl_verify设置为False

import chef 
with chef.ChefAPI(
    'https://chef-e.xxxx.com:443/organizations/xxxx', 
    '/root/.chef/rajgourav.pem', 
    'rajgourav', 
    ssl_verify=False):

不过说实在的,这仍然是在documentation失踪。

编辑:的确,这似乎是一个尚未发布的变化(v0.2.3 tag尚未包含此选项)。因此,无论是使用主分支的源代码还是唠叨作者推出新版本。

来源

2015-09-18 07:21:13 StephenKing

+0

如何修复证书的信任而不是禁用验证? python不能利用SSL_CERT_FILE环境变量(或者给出一个CA列表?)。这意味着将自签名证书添加到此列表中,[我的关于添加证书的答案](http://stackoverflow.com/questions/25604784/chef-berkshelf3-proxy-settings-windows-platform/25605415#25605415) – Tensibai

+0

Sure这可能是更好的方法。我没有使用pychef,所以我不知道确切的细节。 – StephenKing

+0

根据堆栈跟踪它是urllib2的问题,而不是自己做python我只是给出了这个想法,以防万一你已经处理了它;) – Tensibai

相关问题

 相关问题