问题:使用请求包时发生SSL InsecurePlatform错误
我正在使用Python 2.7.3和请求。我通过pip安装了Requests。我相信这是最新版本。我正在Debian Wheezy上运行。
过去,我已经使用Requests很多次了,但是从未遇到过这个问题,但是当Requests
我发出https请求时,似乎出现了InsecurePlatform
异常。
错误提到urllib3
,但我没有安装。我确实安装了它以检查它是否解决了错误,但是没有成功。
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3
/util/ssl_.py:79: InsecurePlatformWarning: A true SSLContext object is not
available. This prevents urllib3 from configuring SSL appropriately and
may cause certain SSL connections to fail. For more information, see
https://urllib3.readthedocs.org/en/latest
/security.html#insecureplatformwarning.
关于我为什么要得到这个的任何想法?我已经按照错误消息中的说明检查了文档,但是文档说要导入urllib3并禁用警告或提供证书。
Im using Python 2.7.3 and Requests. I installed Requests via pip. I believe it’s the latest version. I’m running on Debian Wheezy.
I’ve used Requests lots of times in the past and never faced this issue, but it seems that when making https requests with Requests
I get an InsecurePlatform
exception.
The error mentions urllib3
, but I don’t have that installed. I did install it to check if it resolved the error, but it didn’t.
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3
/util/ssl_.py:79: InsecurePlatformWarning: A true SSLContext object is not
available. This prevents urllib3 from configuring SSL appropriately and
may cause certain SSL connections to fail. For more information, see
https://urllib3.readthedocs.org/en/latest
/security.html#insecureplatformwarning.
Any ideas as to why I’m getting this? I’ve checked the docs, as specified in the error message, but the docs are saying to import urllib3 and either disable the warning, or provide a certificate.
回答 0
使用有些隐藏的安全功能:
pip install requests[security]
要么
pip install pyOpenSSL ndg-httpsclient pyasn1
这两个命令都安装以下额外的软件包:
请注意,这对于python-2.7.9 +不是必需的。
如果pip install
失败并显示错误,请检查您是否具有必需的开发包libffi
,libssl
并使用发行版的包管理器将其python
安装在系统中:
上面的发行列表不完整。
解决方法(请参阅@TomDotTom的原始答案):
万一您无法安装某些必需的开发包,还有一个选项可以禁用该警告:
import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()
如果您pip
自己受到InsecurePlatformWarning
PyPI的影响并且无法从PyPI安装任何东西,则可以通过此分步指南进行修复,以手动部署其他python软件包。
Use the somewhat hidden security feature:
pip install requests[security]
or
pip install pyOpenSSL ndg-httpsclient pyasn1
Both commands install following extra packages:
- pyOpenSSL
- cryptography
- idna
Please note that this is not required for python-2.7.9+.
If pip install
fails with errors, check whether you have required development packages for libffi
, libssl
and python
installed in your system using distribution’s package manager:
Distro list above is incomplete.
Workaround (see the original answer by @TomDotTom):
In case you cannot install some of the required development packages, there’s also an option to disable that warning:
import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()
If your pip
itself is affected by InsecurePlatformWarning
and cannot install anything from PyPI, it can be fixed with this step-by-step guide to deploy extra python packages manually.
回答 1
在2.6版之前,Requests 2.6针对python的用户引入了此警告,仅提供了可用的SSL模块。
假设您无法升级到新版本的python,这将安装更多最新的python SSL库:
pip install --upgrade ndg-httpsclient
但是,在某些没有pyOpenSSL的构建依赖性的系统上,这可能会失败。在debian系统上,在上面的pip命令之前运行此命令足以使pyOpenSSL构建:
apt-get install python-dev libffi-dev libssl-dev
Requests 2.6 introduced this warning for users of python prior to 2.7.9 with only stock SSL modules available.
Assuming you can’t upgrade to a newer version of python, this will install more up-to-date python SSL libraries:
pip install --upgrade ndg-httpsclient
HOWEVER, this may fail on some systems without the build-dependencies for pyOpenSSL. On debian systems, running this before the pip command above should be enough for pyOpenSSL to build:
apt-get install python-dev libffi-dev libssl-dev
回答 2
我不会在生产中使用它,只是一些测试跑步者。并重申urllib3文档
如果您知道自己在做什么,并想禁用此警告和其他警告
import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()
编辑/更新:
以下内容也应该起作用:
import logging
import requests
# turn down requests log verbosity
logging.getLogger('requests').setLevel(logging.CRITICAL)
I don’t use this in production, just some test runners. And to reiterate the urllib3 documentation
If you know what you are doing and would like to disable this and
other warnings
import requests.packages.urllib3
requests.packages.urllib3.disable_warnings()
Edit / Update:
The following should also work:
import logging
import requests
# turn down requests log verbosity
logging.getLogger('requests').setLevel(logging.CRITICAL)
回答 3
回答 4
实际上,您可以尝试一下。
requests.post("https://www.google.com", verify=False)
您可以阅读请求代码。
"C:\Python27\Lib\site-packages\requests\sessions.py"
class Session(SessionRedirectMixin):
......
def request(self, method, url,
params=None,
data=None,
headers=None,
cookies=None,
files=None,
auth=None,
timeout=None,
allow_redirects=True,
proxies=None,
hooks=None,
stream=None,
verify=None, # <========
cert=None):
"""
...
:param verify: (optional) if True, the SSL cert will be verified.
A CA_BUNDLE path can also be provided.
...
"""
In fact, you can try this.
requests.post("https://www.google.com", verify=False)
you can read the code for requests.
"C:\Python27\Lib\site-packages\requests\sessions.py"
class Session(SessionRedirectMixin):
......
def request(self, method, url,
params=None,
data=None,
headers=None,
cookies=None,
files=None,
auth=None,
timeout=None,
allow_redirects=True,
proxies=None,
hooks=None,
stream=None,
verify=None, # <========
cert=None):
"""
...
:param verify: (optional) if True, the SSL cert will be verified.
A CA_BUNDLE path can also be provided.
...
"""
回答 5
这里给出的所有解决方案都没有帮助(我仅限于python 2.6.6)。我在一个简单的开关中找到了要传递给pip的答案:
$ sudo pip install --trusted-host pypi.python.org <module_name>
这告诉pip,可以从pypi.python.org抓取模块。
对我来说,问题是防火墙后的我公司的代理服务器,使它看起来像某些服务器的恶意客户端。万岁安全。
更新:有关PyPi域中的更改以及可以添加的其他选项,请参见@Alex 的
答案--trusted-host
。(我将在此处复制/粘贴,但是他的回答是,所以+1)
All of the solutions given here haven’t helped (I’m constrained to python 2.6.6). I’ve found the answer in a simple switch to pass to pip:
$ sudo pip install --trusted-host pypi.python.org <module_name>
This tells pip that it’s OK to grab the module from pypi.python.org.
For me, the issue is my company’s proxy behind it’s firewall that makes it look like a malicious client to some servers. Hooray security.
Update: See @Alex ‘s
answer for changes in the PyPi domains, and additional --trusted-host
options that can be added. (I’d copy/paste here, but his answer, so +1 him)
回答 6
这个答案无关紧要,但是如果您想摆脱警告并从请求中获得以下警告:
InsecurePlatformWarning
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:79: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
您可以通过将以下行添加到python代码中来禁用它:
requests.packages.urllib3.disable_warnings()
This answer is unrelated, but if you wanted to get rid of warning and get following warning from requests:
InsecurePlatformWarning
/usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/util/ssl_.py:79: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
You can disable it by adding the following line to your python code:
requests.packages.urllib3.disable_warnings()
回答 7
我必须先去bash
(从ZSH)。然后
sudo -H pip install 'requests[security]' --upgrade
解决了问题。
I had to go to bash
(from ZSH) first. Then
sudo -H pip install 'requests[security]' --upgrade
fixed the problem.
回答 8
过去的一周来了,我在Ubuntu 14.04(与Python 2.7.6),我做了之后apt-get dist-upgrade
,包括libssl1.1:amd64
从deb.sury.org
。
由于我是certbot-auto renew
来自Cron作业,因此我也使用--no-self-upgrade
来减少计划外的维护。这似乎是麻烦的根源。
要解决该错误,我所需要做的就是成为root用户(使用su
的--login
开关),然后certbot-auto
进行自我升级。即:
sudo su --login
/usr/local/bin/certbot-auto renew
# ... Upgrading certbot-auto 0.8.1 to 0.18.2... blah blah blah ...
而不是通常从root的crontab运行的内容:
5 7 * * * /usr/local/bin/certbot-auto renew --quiet --no-self-upgrade
之后,letsencrypt renwals再次正常运行。
This came up for me on Ubuntu 14.04 (with Python 2.7.6) last week after i did a apt-get dist-upgrade
that included libssl1.1:amd64
from deb.sury.org
.
Since I run certbot-auto renew
from a cron job, I also use the --no-self-upgrade
to cut down on unscheduled maintenance. This seems to have been the source of the trouble.
To fix the error, all I needed to do was become root (with su
‘s --login
switch) and let certbot-auto
upgrade itself. I.e:
sudo su --login
/usr/local/bin/certbot-auto renew
# ... Upgrading certbot-auto 0.8.1 to 0.18.2... blah blah blah ...
instead of what normally runs from root’s crontab:
5 7 * * * /usr/local/bin/certbot-auto renew --quiet --no-self-upgrade
After that, letsencrypt renwals ran normally once again.
回答 9
对我来说没有工作,我需要升级点…。
Debian / Ubuntu
安装依赖
sudo apt-get install libpython-dev libssl-dev libffi-dev
升级pip并安装软件包
sudo pip install -U pip
sudo pip install -U pyopenssl ndg-httpsclient pyasn1
如果要删除依赖项
sudo apt-get remove --purge libpython-dev libssl-dev libffi-dev
sudo apt-get autoremove
For me no work i need upgrade pip….
Debian/Ubuntu
install dependencies
sudo apt-get install libpython-dev libssl-dev libffi-dev
upgrade pip and install packages
sudo pip install -U pip
sudo pip install -U pyopenssl ndg-httpsclient pyasn1
If you want remove dependencies
sudo apt-get remove --purge libpython-dev libssl-dev libffi-dev
sudo apt-get autoremove
回答 10
我在CentOS 5服务器上遇到了类似的问题,在较旧版本的python2.7之上的/ usr / local中安装了python 2.7.12。目前尚无法在此服务器上升级到CentOS 6或7。
某些python 2.7模块仍旧存在于较早版本的python中,但是pip升级失败,因为CentOS 5软件包不支持较新的加密软件包。
具体来说,“ pip安装请求[安全]”失败了,因为CentOS 5上的openssl版本是0.9.8e,而加密> 1.4.0不再支持。
为了解决OP的原始问题,我做到了:
1) pip install 'cryptography<1.3.5,>1.3.0'.
此安装的加密技术1.3.4可与openssl-0.9.8e一起使用。cryptograpy 1.3.4也足以满足以下命令的要求。
2) pip install 'requests[security]'
现在安装此命令,因为它不会尝试安装> 1.4.0的密码。
请注意,在Centos 5上,我还需要:
yum install openssl-devel
允许建立密码
I just had a similar issue on a CentOS 5 server where I installed python 2.7.12 in /usr/local on top of a much older version of python2.7. Upgrading to CentOS 6 or 7 isn’t an option on this server right now.
Some of the python 2.7 modules were still existing from the older version of python, but pip was failing to upgrade because the newer cryptography package is not supported by the CentOS 5 packages.
Specifically, ‘pip install requests[security]’ was failing because the openssl version on the CentOS 5 was 0.9.8e which is no longer supported by cryptography > 1.4.0.
To solve the OPs original issue I did:
1) pip install 'cryptography<1.3.5,>1.3.0'.
This installed cryptography 1.3.4 which works with openssl-0.9.8e. cryptograpy 1.3.4 is also sufficient to satisfy the requirement for the following command.
2) pip install 'requests[security]'
This command now installs because it doesn’t try to install cryptography > 1.4.0.
Note that on Centos 5 I also needed to:
yum install openssl-devel
To allow cryptography to build
回答 11
下面是它在Python 3.6上对我的工作方式:
import requests
import urllib3
# Suppress InsecureRequestWarning: Unverified HTTPS
urllib3.disable_warnings()
Below is how it’s working for me on Python 3.6:
import requests
import urllib3
# Suppress InsecureRequestWarning: Unverified HTTPS
urllib3.disable_warnings()
回答 12
不要安装pyOpenSSL,因为它将很快被弃用。目前最好的方法是-
import requests
requests.packages.urllib3.disable_warnings()
Dont install pyOpenSSL as it shall soon be deprecated. Current best approach is-
import requests
requests.packages.urllib3.disable_warnings()
回答 13
如果您只想停止不安全的警告,例如:
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:794:InsecureRequestWarning:发出未经验证的HTTPS请求。强烈建议添加证书验证。请参阅:
https:
//urllib3.readthedocs.org/en/latest/security.html InsecureRequestWarning)
做:
requests.METHOD("https://www.google.com", verify=False)
验证=假
是关键,以下方面并不擅长:
requests.packages.urllib3.disable_warnings()
要么
urllib3.disable_warnings()
但是,您必须知道,这可能会导致潜在的安全风险。
if you just want to stopping insecure warning like:
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:794:
InsecureRequestWarning: Unverified HTTPS request is being made. Adding
certificate verification is strongly advised. See:
https://urllib3.readthedocs.org/en/latest/security.html
InsecureRequestWarning)
do:
requests.METHOD("https://www.google.com", verify=False)
verify=False
is the key, followings are not good at it:
requests.packages.urllib3.disable_warnings()
or
urllib3.disable_warnings()
but, you HAVE TO know, that might cause potential security risks.
回答 14
Mac
Pycharm社区版2019.3
Python解释器3.6 遇到相同的问题。
用20.0.2升级点对我有用。
Pycharm --> Preferences --> Project Interpreter --> click on pip --> specify version 20.0.2 --> Install package
I had same problem with
Mac
Pycharm community edition 2019.3
Python interpreter 3.6.
Upgrading pip with 20.0.2 worked for me.
Pycharm --> Preferences --> Project Interpreter --> click on pip --> specify version 20.0.2 --> Install package