在Python2.6中，未验证的HTTPS请求正在被做

I am writing scripts in Python2.6 with use of pyVmomi and while using one of the connection methods:

我正在使用pyVmomi编写Python2.6中的脚本，并使用其中的一种连接方法:

service_instance = connect.SmartConnect(host=args.ip,
                                        user=args.user,
                                        pwd=args.password)

I get the following warning:

我得到以下警告:

/usr/lib/python2.6/site-packages/requests/packages/urllib3/connectionpool.py:734: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)

What's interesting is that I do not have urllib3 installed with pip (but it's there in /usr/lib/python2.6/site-packages/requests/packages/urllib3/).

有趣的是，我没有使用pip安装urllib3(但是它存在于/usr/lib/python2.6/site-package /请求/包/urllib3/)。

I have tried as suggested here

我已经按建议试过了

import urllib3
...
urllib3.disable_warnings()

but that didn't change anything.

但这并没有改变什么。

9 个解决方案

#1

417

Update (2017-07-28): If you're using a modern version of these libraries, they may no longer be vendored. If that's the case, then you'll only need to do:

更新(2017-07-28):如果你使用的是现代版本的这些库，它们可能不再是自动的。如果是这样的话，你只需要:

import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

If you're still using a version of Requests which vendors urllib3 inside of it (like the original question), then you can use the original answer below:

如果你还在使用由供应商urllib3提供的请求版本(如原始问题)，那么你可以使用以下原始答案:

Original answer:

最初的回答:

The reason doing urllib3.disable_warnings() didn't work for you is because it looks like you're using a separate instance of urllib3 vendored inside of requests.

做urllib3.disable_warning()并不适合您的原因是看起来您使用的是请求内部的一个urllib3 vend3的单独实例。

I gather this based on the path here: /usr/lib/python2.6/site-packages/requests/packages/urllib3/connectionpool.py

我根据这里的路径收集这个:/usr/lib/python2.6/站点包/请求/包/urllib3/connectionpool.py

To disable warnings in requests' vendored urllib3, you'll need to import that specific instance of the module:

要禁用请求“自动售货urllib3”中的警告，您需要导入模块的那个特定实例:

import requests
from requests.packages.urllib3.exceptions import InsecureRequestWarning

requests.packages.urllib3.disable_warnings(InsecureRequestWarning)

#2

This is the answer in 2017. I think urllib3 not a part of requests anymore

这就是2017年的答案。我认为urllib3不再是请求的一部分

import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

#3

The correct way is to read the relevant section on the provided link and do as it says. The way specific for requests (which bundles with its own copy of urllib3), as per CA Certificates — Advanced Usage — Requests 2.8.1 documentation:

正确的方法是阅读所提供的链接的相关部分并按照它所说的那样做。特定于请求的方式(它包含自己的urllib3副本)，如CA证书—高级使用—请求2.8.1文档:

requests ships with its own certificate bundle (but it can only be updated together with the module)
请求附带自己的证书包(但只能与模块一起更新)
it will use (since requests v2.4.0) the certifi package instead if it's installed
如果安装了，它将使用(因为请求v2.4.0) certifi包

The HTTPS certificate verification security measure isn't something to be discarded light-heartedly. The Man-in-the-middle attack that it prevents safeguards you from a third party e.g. sipping a virus in or tampering with or stealing your data.

HTTPS证书验证安全措施不是可以随意丢弃的。在中间人攻击中，它阻止了你从第三方的保护，例如，啜饮病毒，或篡改或窃取你的数据。

Which, with today's government-backed global hacking operations like Tailored Access Operations and the Great Firewall of China that target network infrastructure, is more probable than you think.

在今天由*支持的全球黑客行动，如量身定制的访问操作和中国的防火墙，目标网络基础设施，比你想象的更有可能。

#4

Per this github comment, one can disable urllib3 request warnings via requests in a 1-liner:

根据github的这条评论，你可以通过1-line中的请求禁用urllib3请求警告:

requests.packages.urllib3.disable_warnings()

requests.packages.urllib3.disable_warnings()

This will suppress all warnings though, not just InsecureRequest (ie it will also suppress InsecurePlatform etc). In cases where we just want stuff to work, I find the conciseness handy.

这将会抑制所有的警告，而不仅仅是虫类(比如它也会抑制InsecurePlatform等)。在我们只是想让事情正常工作的情况下，我发现简洁很方便。

#5

For impatient, a quick way to disable python unverified HTTPS warning:

对于不耐烦的用户，一种禁用python未经验证的HTTPS警告的快速方法:

export PYTHONWARNINGS="ignore:Unverified HTTPS request"

#6

I had a similar issue with PyVmomi Client. With Python Version 2.7.9, I have solved this issue with the following line of code:

我和PyVmomi的客户也有类似的问题。使用Python版本2.7.9，我用以下代码行解决了这个问题:

default_sslContext = ssl._create_unverified_context()
self.client = \
                Client(<vcenterip>, username=<username>, password=<passwd>,
                       sslContext=default_sslContext )

Note that, for this to work, you need Python 2.7.9 atleast.

注意，要使其工作，至少需要Python 2.7.9。

#7

Why not using pyvmomi original function SmartConnectNoSSL. They added this function on June 14, 2016 and named it ConnectNoSSL, one day after they changed the name to SmartConnectNoSSL, use that instead of by passing the warning with unnecessary lines of code in your project?

为什么不使用pyvmomi原始函数SmartConnectNoSSL呢?2016年6月14日，他们添加了这个功能，并将其命名为ConnectNoSSL，就在一天前，他们将名称改为SmartConnectNoSSL，而不是在项目中传递带有不必要代码行的警告?

Provides a standard method for connecting to a specified server without SSL verification. Useful when connecting to servers with self-signed certificates or when you wish to ignore SSL altogether

提供一个标准的方法，用于连接到指定的服务器，而无需SSL验证。在使用自签名证书连接到服务器或希望完全忽略SSL时非常有用

service_instance = connect.SmartConnectNoSSL(host=args.ip,
                                             user=args.user,
                                             pwd=args.password)

#8

For Python 2.7

对于Python 2.7

Add the environment variable PYTHONWARNINGS as key and the corresponding value to be ignored like:

将环境变量python警告作为键，并将相应的值忽略如下:

os.environ['PYTHONWARNINGS']="ignore:Unverified HTTPS request"

操作系统。环境[' PYTHONWARNINGS ']=“忽略:未经证实的HTTPS请求”

#9

-4

Resolved the issue on my MacBook:

解决了我的MacBook上的问题:

pip install certifi

或

pip3 install certifi

#1

417