本文目录导读:

处理Python爬虫中的SSL证书验证,主要有以下几种方式:
验证SSL证书(推荐)
使用requests库
import requests
# 默认情况下,requests会验证SSL证书
response = requests.get('https://example.com')
print(response.text)
# 指定CA证书路径
response = requests.get('https://example.com', verify='/path/to/certificate.pem')
使用urllib3
import urllib3
import certifi
# 使用系统CA证书
http = urllib3.PoolManager(cert_reqs='CERT_REQUIRED', ca_certs=certifi.where())
response = http.request('GET', 'https://example.com')
忽略SSL证书验证(不推荐,仅用于测试)
import requests
import urllib3
# 方式1:使用requests
response = requests.get('https://example.com', verify=False)
# 关闭警告
requests.packages.urllib3.disable_warnings()
# 方式2:使用urllib3
urllib3.disable_warnings()
http = urllib3.PoolManager(cert_reqs='CERT_NONE')
response = http.request('GET', 'https://example.com')
处理SSL证书错误
捕获SSL错误
import requests
from requests.exceptions import SSLError
try:
response = requests.get('https://example.com', verify=False)
except SSLError as e:
print(f"SSL证书错误: {e}")
except Exception as e:
print(f"其他错误: {e}")
自定义证书验证
import ssl
import requests
# 创建自定义SSL上下文
ssl_context = ssl.create_default_context()
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE
# 使用自定义SSL上下文
session = requests.Session()
session.verify = ssl_context
response = session.get('https://example.com')
处理特定网站的证书问题
import requests
# 使用系统CA证书
response = requests.get('https://example.com', verify=True)
# 使用特定CA证书
response = requests.get('https://example.com', verify='/path/to/custom-ca.pem')
# 使用certifi库的证书
import certifi
response = requests.get('https://example.com', verify=certifi.where())
完整示例:带重试和错误处理
import requests
from requests.adapters import HTTPAdapter
from urllib3.util.retry import Retry
import certifi
def create_robust_session():
"""创建健壮的请求会话"""
session = requests.Session()
# 重试机制
retries = Retry(
total=3,
backoff_factor=1,
status_forcelist=[500, 502, 503, 504]
)
# 适配器
adapter = HTTPAdapter(
max_retries=retries,
pool_connections=10,
pool_maxsize=10
)
session.mount('http://', adapter)
session.mount('https://', adapter)
# 证书验证
session.verify = certifi.where()
return session
def fetch_with_ssl(url, timeout=10):
"""带SSL验证的请求"""
session = create_robust_session()
try:
response = session.get(url, timeout=timeout)
response.raise_for_status()
return response.text
except requests.exceptions.SSLError as e:
print(f"SSL证书验证失败: {e}")
# 可选择继续或报错
raise
except Exception as e:
print(f"请求失败: {e}")
raise
finally:
session.close()
# 使用示例
if __name__ == "__main__":
try:
html = fetch_with_ssl('https://example.com')
print(html[:200])
except Exception as e:
print(f"爬取失败: {e}")
常用解决方案总结
# 1. 最简单的解决方案(不推荐生产环境)
import requests
response = requests.get('https://example.com', verify=False)
# 2. 推荐方案:使用系统证书
import requests
import certifi
response = requests.get('https://example.com', verify=certifi.where())
# 3. 更新证书
pip install --upgrade certifi
# 4. 使用环境变量
export REQUESTS_CA_BUNDLE=/path/to/your/cert.pem
注意事项
- 生产环境:始终验证SSL证书,不要使用
verify=False - 错误处理:捕获证书错误,实现优雅降级
- 证书更新:定期更新CA证书
- 性能影响:证书验证会增加少量延迟,但安全性更高
- 自定义证书:某些内部网站可能需要使用自签名证书
建议在开发测试时使用verify=False,生产环境中一定要正确验证SSL证书。