SSL错误握手错误10054“WSAECONNRESET”
笔记:
versions
Python 2.7.11 and my requests version is '2.10.0'
'OpenSSL 1.0.2d 9 Jul 2015'
Please read the below comment by Martijn Pieters before reproducing
最初我试图从https://www.neco.navy.mil/necoattach/N6945016R0626_2016-06-20__INFO_NAS_Pensacola_Base_Access.docx使用如下代码
代码1:
>>> import requests
>>> requests.get("https://www.neco.navy.mil/necoattach/N6945016R0626_2016-06-20__INFO_NAS_Pensacola_Base_Access.docx",verify=False)
错误:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\api.py", line 67, in get
return request('get', url, params=params, **kwargs)
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\api.py", line 53, in request
return session.request(method=method, url=url, **kwargs)
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\sessions.py", line 468, in request
resp = self.send(prep, **send_kwargs)
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\sessions.py", line 576, in send
r = adapter.send(request, **kwargs)
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\adapters.py", line 447, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: SysCallError(10054, 'WSAECONNRESE
T')",)
在谷歌搜索之后,我发现您已经使用了SSL验证,使用适配器会话可以解决这个问题。但我仍然有错误,请找到下面的代码和错误
代码2:
import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager
import ssl
import traceback
class MyAdapter(HTTPAdapter):
def init_poolmanager(self, connections, maxsize, block=False):
self.poolmanager = PoolManager(num_pools=connections,
maxsize=maxsize,
block=block,
ssl_version=ssl.PROTOCOL_TLSv1)
s = requests.Session()
s.mount('https://', MyAdapter())
print "Mounted "
r = s.get("https://www.neco.navy.mil/necoattach/N6945016R0626_2016-06-20__INFO_NAS_Pensacola_Base_Access.docx", stream=True, timeout=120)
错误:
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\sessions.py", line 480, in get
return self.request('GET', url, **kwargs)
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\sessions.py", line 468, in request
resp = self.send(prep, **send_kwargs)
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\sessions.py", line 576, in send
r = adapter.send(request, **kwargs)
File "C:\Users\mob140003207\AppData\Local\Enthought\Canopy\User\lib\site-packa
ges\requests\adapters.py", line 447, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: ("bad handshake: SysCallError(10054, 'WSAECONNRESET')",)
共有3个答案
我使用python 2.7.6,这个简单的例子仍然在我的ubuntu 14.04上工作
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
with open('out.docx', 'wb') as h :
r = requests.get("https://www.neco.navy.mil/necoattach/N6945016R0626_2016-06-20__INFO_NAS_Pensacola_Base_Access.docx", verify=False, stream=True)
for block in r.iter_content(1024):
h.write(block)
此代码段适用于windows7上的我(py2.7.11 64位请求==2.10.0):
import requests
import ssl
import traceback
import shutil
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.poolmanager import PoolManager
class MyAdapter(HTTPAdapter):
def init_poolmanager(self, connections, maxsize, block=False):
self.poolmanager = PoolManager(num_pools=connections,
maxsize=maxsize,
block=block,
ssl_version=ssl.PROTOCOL_TLSv1)
if __name__ == "__main__":
s = requests.Session()
s.mount('https://', MyAdapter())
print "Mounted "
filename = "N6945016R0626_2016-06-20__INFO_NAS_Pensacola_Base_Access.docx"
r = s.get(
"https://www.neco.navy.mil/necoattach/{0}".format(filename), verify=False, stream=True, timeout=120)
if r.status_code == 200:
with open(filename, 'wb') as f:
r.raw.decode_content = True
shutil.copyfileobj(r.raw, f)
首先,我确认主机,www.neco。海军mil,无法从任何地方访问。从某些网络(地理位置)它可以工作*,从其他网络连接只是挂起:
$ curl www.neco.navy.mil
curl: (7) couldn't connect to host
$ curl https://www.neco.navy.mil
curl: (7) couldn't connect to host
第二,当可以建立连接时,存在证书问题:
$ curl -v https://www.neco.navy.mil
* Rebuilt URL to: https://www.neco.navy.mil/
* Hostname was NOT found in DNS cache
* Trying 205.85.2.133...
* Connected to www.neco.navy.mil (205.85.2.133) port 443 (#0)
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS alert, Server hello (2):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
不信任CA(DoD Root CA 2)。而且它不在链上。请注意,OpenSSL验证过程需要整个链:
首先,建立一个证书链,从提供的证书开始,到根CA结束。如果不能建立整个链,则是错误的。
但只有www.neco.navy.mil-
在Python方面,情况不会有太大不同。如果无法访问CA,则只能完全禁用证书验证(当然是在解决连接问题之后)。如果你有,你可以使用Cafile。
#!/usr/bin/env python
# -*- coding: utf-8 -*-
import urllib2
import ssl
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
r = urllib2.urlopen('https://www.neco.navy.mil/'
'necoattach/N6945016R0626_2016-06-20__INFO_NAS_Pensacola_Base_Access.docx',
timeout = 5, context = ctx)
print(len(r.read()))
r = urllib2.urlopen('https://www.neco.navy.mil/'
'necoattach/N6945016R0626_2016-06-20__INFO_NAS_Pensacola_Base_Access.docx',
timeout = 5, cafile = '/path/to/DODCA-28_and_DoD_Root_CA_2.pem')
print(len(r.read()))
要使用特定版本的Python进行复制,请使用简单的Dockerfile,如下所示:
FROM python:2.7.11
WORKDIR /opt
ADD . ./
CMD dpkg -s openssl | grep Version && ./app.py
然后运行:
docker build -t ssl-test .
docker run --rm ssl-test
-
我们有一个SSL问题,我是99%,这不是你通常的证书信任商店旋转木马。 我们有一个Weblogic服务器试图通过LDAPS与Active Directory建立SSL连接,底层SSL实现是JSSE。 有时,它是有效的。通常在重新启动Weblogic后的几个小时内。 之后,我们开始得到SSL握手错误,与SSL调试打开我们看到: [ACTIVE]ExecuteThread:'10'用于队列:'webl
-
我们有一个应用程序,它将一些xml数据发布到另一个应用程序,并通过ApacheWeb服务器(版本2.2.26)反向代理传输流量。我们观察到一些零星的代理错误(http响应代码500)-删除服务器的SSL握手错误。错误消息显示在apache web服务器错误日志中。 早些时候,我们使用sunOne网络服务器,我们没有注意到这个错误。我怀疑可能是apache网络服务器上的一些缺失配置导致了这个问题。这
-
我正在尝试使用SSL证书将java客户端与JMX服务器连接。 但是不幸的是,这个连接给出了一个SSL握手错误。当我尝试使用< code >-DJ avax . net . debug = all 标志对此进行调试时,我在java客户端上得到以下错误消息。 2016-07-15T13:29:50.02-0700[APP/0]退出RMI更新清洁-[10.200.0.27:44445,javax.rmi
-
> 客户端发送带有密码套件中包含的密码的“Client Hello”消息。 在server.xml中,这些密码都不出现。以下是catalina的条目: 连接器port=“4443”sslenabled=“true”acceptcount=“20000”maxthreads=“5000”allowtrace=“false”scheme=“https”secure=“true”clientauth=“
-
我试图通过SSL连接(在我的独立应用程序和Tomcat提供的其他应用程序之间发送一些数据): 不幸的是,我的独立应用程序中出现了一个错误: 原因:javax。网ssl。例外:太阳。安全验证器。ValidatorException:PKIX路径生成失败:sun。安全供应商。certpath。SunCertPathBuilderException:无法在com上找到请求目标的有效证书路径。太阳网ssl
-
我打以下电话给branch.io 它在我的本地机器上运行良好,但在服务器上出现故障。 Openssl版本: 本地:OpenSSL 0 . 9 . 8 ZG 2015年7月14日 服务器:OpenSSL 0.9.8e-fips-rhel5 2008年7月1日 Python: 本地:2.7.10服务器:2.7.6 分支io服务器连接: Chrome 已验证 DigiCert SHA2 安全服务器 CA