问题描述
我对 Python 的请求库中的 SSL 验证有疑问,但我认为这比这更笼统.
I have a question regarding SSL verification within the requests library for Python, but I believe it to me more general than that.
我目前忽略证书验证,因为我需要连接的第三方 API 使用的是自签名证书.
I am currently ignoring certificate verification because the third party API I need to connect to is using a self-signed certificate.
在请求中关闭 SSL 验证有什么影响?以及在现实世界中不验证 SSL 证书的含义是什么.我可以保证传输的数据是安全/加密的吗?
What are the implications for turning SSL verification off in requests? And what are the implications for not verifying SSL certificates in the real-world. Can I gaurantee the data transported is secure/encrypted?
推荐答案
这是一个安全问题,因为任何人都可以欺骗此证书并拦截您的流量.您应该只将自签名证书添加到使用 API 的机器的可信证书链中.您如何执行此操作取决于操作系统和特定设置,但快速 google 将引导您找到正确的解决方案.
This is a security sin, as anyone could spoof this certificate and intercept your traffic. You should just add the self-signed certificate to the trusted certificate chain of the machine which is using the API.How you do that depends on the operating system and specific setup, but a quick google will guide you to the right solution.
这篇关于忽略 SSL 证书验证的含义是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!