禁止InsecureRequestWarning:在Python2.6中发出未经验证的HTTPS请求

问题:禁止InsecureRequestWarning:在Python2.6中发出未经验证的HTTPS请求

我正在使用pyVmomi并使用一种连接方法在Python2.6中编写脚本:

service_instance = connect.SmartConnect(host=args.ip,
                                        user=args.user,
                                        pwd=args.password)

我收到以下警告:

/usr/lib/python2.6/site-packages/requests/packages/urllib3/connectionpool.py:734: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)

有趣的是,我没有随pip一起安装urllib3(但在/usr/lib/python2.6/site-packages/requests/packages/urllib3/中)。

我已经尝试按照这里的建议

import urllib3
...
urllib3.disable_warnings()

但这并没有改变任何东西。

I am writing scripts in Python2.6 with use of pyVmomi and while using one of the connection methods:

service_instance = connect.SmartConnect(host=args.ip,
                                        user=args.user,
                                        pwd=args.password)

I get the following warning:

/usr/lib/python2.6/site-packages/requests/packages/urllib3/connectionpool.py:734: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)

What’s interesting is that I do not have urllib3 installed with pip (but it’s there in /usr/lib/python2.6/site-packages/requests/packages/urllib3/).

I have tried as suggested here

import urllib3
...
urllib3.disable_warnings()

but that didn’t change anything.


回答 0

您可以通过PYTHONWARNINGS环境变量禁用任何Python警告。在这种情况下,您需要:

export PYTHONWARNINGS="ignore:Unverified HTTPS request"

要禁用使用Python代码(requests >= 2.16.0):

import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

对于requests < 2.16.0,请参见下面的原始答案。

原始答案

这样urllib3.disable_warnings()做对您不起作用的原因是,您似乎正在使用请求中提供的urllib3的单独实例。

我根据这里的路径收集此信息: /usr/lib/python2.6/site-packages/requests/packages/urllib3/connectionpool.py

要在请求的供应商urllib3中禁用警告,您需要导入模块的特定实例:

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

You can disable any Python warnings via the PYTHONWARNINGS environment variable. In this case, you want:

export PYTHONWARNINGS="ignore:Unverified HTTPS request"

To disable using Python code (requests >= 2.16.0):

import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

For requests < 2.16.0, see original answer below.

Original answer

The reason doing urllib3.disable_warnings() didn’t work for you is because it looks like you’re using a separate instance of urllib3 vendored inside of requests.

I gather this based on the path here: /usr/lib/python2.6/site-packages/requests/packages/urllib3/connectionpool.py

To disable warnings in requests’ vendored urllib3, you’ll need to import that specific instance of the module:

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

回答 1

这是在2017年的答案urllib3不是的一部分requests

import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

This is the answer in 2017. urllib3 not a part of requests anymore

import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

回答 2

根据这个github评论,可以urllib3通过requests1-liner 禁用请求警告:

requests.packages.urllib3.disable_warnings()

但这不仅会抑制所有警告InsecureRequest(即也会抑制InsecurePlatform等)。如果我们只是想让东西起作用,我会觉得简洁很方便。

Per this github comment, one can disable urllib3 request warnings via requests in a 1-liner:

requests.packages.urllib3.disable_warnings()

This will suppress all warnings though, not just InsecureRequest (ie it will also suppress InsecurePlatform etc). In cases where we just want stuff to work, I find the conciseness handy.


回答 3

正确的方法是阅读所提供链接上的相关部分,并按照说明进行操作。根据CA证书-高级用法-要求2.8.1文档的特定方式requests(捆绑有其自己的副本urllib3):

  • requests 带有自己的证书捆绑包(但只能与模块一起更新)
  • 它将使用(因为requests v2.4.0certifi,而不是如果已安装它

HTTPS证书验证安全性措施不能轻易丢弃。它阻止了中间人攻击,从而保护了您免受第三方的侵害,例如在其中感染病毒,篡改或窃取数据。

如今,借助政府支持的全球黑客攻击活动(如量身定制的访问操作针对中国网络基础架构的中国防火墙),您比您想象的更有可能。

The correct way is to read the relevant section on the provided link and do as it says. The way specific for requests (which bundles with its own copy of urllib3), as per CA Certificates — Advanced Usage — Requests 2.8.1 documentation:

  • requests ships with its own certificate bundle (but it can only be updated together with the module)
  • it will use (since requests v2.4.0) the certifi package instead if it’s installed

The HTTPS certificate verification security measure isn’t something to be discarded light-heartedly. The Man-in-the-middle attack that it prevents safeguards you from a third party e.g. sipping a virus in or tampering with or stealing your data.

Which, with today’s government-backed global hacking operations like Tailored Access Operations and the Great Firewall of China that target network infrastructure, is more probable than you think.


回答 4

不耐烦的是,禁用python未经验证的HTTPS警告的快速方法:

export PYTHONWARNINGS="ignore:Unverified HTTPS request"

For impatient, a quick way to disable python unverified HTTPS warning:

export PYTHONWARNINGS="ignore:Unverified HTTPS request"

回答 5

如果某些软件包供应商拥有自己的urllib3副本,则可接受的答案不起作用,在这种情况下,它仍然有效:

import warnings

warnings.filterwarnings('ignore', message='Unverified HTTPS request')

The accepted answer doesn’t work if some package vendors it’s own copy of urllib3, in which case this will still work:

import warnings

warnings.filterwarnings('ignore', message='Unverified HTTPS request')

回答 6

我的PyVmomi Client也有类似的问题。使用Python版本2.7.9,我用以下代码行解决了这个问题:

default_sslContext = ssl._create_unverified_context()
self.client = \
                Client(<vcenterip>, username=<username>, password=<passwd>,
                       sslContext=default_sslContext )

请注意,要使其正常工作,您至少需要Python 2.7.9。

I had a similar issue with PyVmomi Client. With Python Version 2.7.9, I have solved this issue with the following line of code:

default_sslContext = ssl._create_unverified_context()
self.client = \
                Client(<vcenterip>, username=<username>, password=<passwd>,
                       sslContext=default_sslContext )

Note that, for this to work, you need Python 2.7.9 atleast.


回答 7

为什么不使用pyvmomi 原始功能 SmartConnectNoSSL。他们添加了此函数June 14, 2016并为其命名ConnectNoSSL将名称更改为一天后SmartConnectNoSSL,使用它而不是通过项目中不必要的代码行传递警告?

提供一种无需SSL验证即可连接到指定服务器的标准方法。在使用自签名证书连接到服务器或希望完全忽略SSL时很有用

service_instance = connect.SmartConnectNoSSL(host=args.ip,
                                             user=args.user,
                                             pwd=args.password)

Why not using pyvmomi original function SmartConnectNoSSL. They added this function on June 14, 2016 and named it ConnectNoSSL, one day after they changed the name to SmartConnectNoSSL, use that instead of by passing the warning with unnecessary lines of code in your project?

Provides a standard method for connecting to a specified server without SSL verification. Useful when connecting to servers with self-signed certificates or when you wish to ignore SSL altogether

service_instance = connect.SmartConnectNoSSL(host=args.ip,
                                             user=args.user,
                                             pwd=args.password)

回答 8

对于Python 2.7

将环境变量PYTHONWARNINGS作为键添加,并忽略相应的值,例如:

os.environ['PYTHONWARNINGS']="ignore:Unverified HTTPS request"

For Python 2.7

Add the environment variable PYTHONWARNINGS as key and the corresponding value to be ignored like:

os.environ['PYTHONWARNINGS']="ignore:Unverified HTTPS request"