How can I verify my selfsigned certificate when us

2019-08-08 12:06发布

站内问答 / Python
1049 1 4

I know how to connect to my owncloud with python, by using easywebdav.

I'm using a selfsigned certificate and verify_ssl=False, but that makes me vulnerable to man-in-the-middle attacks, the only reason to use ssl in the first place.

I'm using Fedora and tried adding my servers certificate to $HOME/.pki/CA/cacert.pem, but it still fails.

1条回答
祖国的老花朵
2楼-- · 2019-08-08 12:54

You already have your server certificate in $HOME/.pki/CA/cacert.pem. But to be complete for others, you can get a certificate with python like this:

import ssl
import os
# get the https certificate
cert = ssl.get_server_certificate(('example.com', 443))
# append it to my personal chain
pem_path = os.path.expanduser('~/.pki/CA/cacert.pem')
with open(pem_path, 'a+') as f:
    f.write(cert)

Then to use it in easywebdav. Easywebdav builds on requests. And the verify_ssl is used as requests.Session.verify Requests docs say it accepts a boolean (True uses the default chain) or a path to a CA_BUNDLE.

So this should work:

import easywebdav
pem_path = os.path.expanduser('~/.pki/CA/cacert.pem')
webdav = easywebdav.connect('example.com', username='user', password='pass', 
                            protocol='https', port=443,
                            verify_ssl=pem_path)
...
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)