python ssl相关问题说明



上了CPU实时监控python脚本后，执行时出现send信息失败
[root@hadoop153 home]# python tt.py
hostName:hadoop153, time:09-06 10:32:01 value:6.277
/usr/lib/python2.6/site-packages/requests/packages/urllib3/util/ssl_.py:334: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  SNIMissingWarning
/usr/lib/python2.6/site-packages/requests/packages/urllib3/util/ssl_.py:132: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecurePlatformWarning
Traceback (most recent call last):
  File "tt.py", line 53, in <module>
    monitorLog(logFile)
  File "tt.py", line 49, in monitorLog
    send_msg(content)
  File "tt.py", line 29, in send_msg
    url = "https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token="+get_token()
  File "tt.py", line 23, in get_token
    req = requests.post(url, params=values)
  File "/usr/lib/python2.6/site-packages/requests/api.py", line 110, in post
    return request('post', url, data=data, json=json, **kwargs)
  File "/usr/lib/python2.6/site-packages/requests/api.py", line 56, in request
    return session.request(method=method, url=url, **kwargs)
  File "/usr/lib/python2.6/site-packages/requests/sessions.py", line 488, in request
    resp = self.send(prep, **send_kwargs)
  File "/usr/lib/python2.6/site-packages/requests/sessions.py", line 609, in send
    r = adapter.send(request, **kwargs)
  File "/usr/lib/python2.6/site-packages/requests/adapters.py", line 497, in send
    raise SSLError(e, request=request)
requests.exceptions.SSLError: [Errno 1] _ssl.c:492: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

warning异常解决方法：安装旧版本requests包，根据脚本执行正常服务器hadoop152的版本为2.13.0
pip list
pip uninstall requests
pip install requests==2.13

SSLError异常解决方法：发现发送异常的服务器上多了一个certifi证明包，把它卸载掉即可，具体原因未知

在centos 6.8上，卸载掉certifi证明包会有其他库包缺失module
解决办法是先卸载掉，再安装旧版本
[root@hadoop100 python]# pip uninstall -y certifi
DEPRECATION: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of pip will drop support for Python 2.6
Uninstalling certifi-2017.7.27.1:
  Successfully uninstalled certifi-2017.7.27.1
[root@hadoop100 python]# pip install certifi==2015.04.28
DEPRECATION: Python 2.6 is no longer supported by the Python core team, please upgrade your Python. A future version of pip will drop support for Python 2.6
Collecting certifi==2015.04.28
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:318: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/security.html#snimissingwarning.
  SNIMissingWarning
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:122: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. You can upgrade to a newer version of Python to solve this. For more information, see https://urllib3.readthedocs.io/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
  Downloading certifi-2015.04.28-py2.py3-none-any.whl (373kB)
    100% |████████████████████████████████| 378kB 779kB/s
Installing collected packages: certifi
Successfully installed certifi-2015.4.28