使用Python请求会话时SSL EOF错误

时间:2018-06-22 12:35:26

标签: python-2.7 ssl flask kubernetes python-requests

摘要

我有一个烧瓶应用程序部署到python 2.7.12,Flask 0.12.2并使用请求库的Kubernetes。我在使用request.session在容器内发送POST请求时遇到SSLError。使用请求会话连接到https URL时,请求会抛出SSLError

某些背景

  • 我还没有添加任何证书
  • 当我在本地运行docker映像但在从容器内部部署到kubernetes之后,该项目有效-发布请求未发送到url verify = false也不起作用

系统信息-我正在使用什么: Python 2.7.12,Flask == 0.12.2,Kubernetes,python-requests-2.18.4

预期结果

发送POST请求后获取HTTP响应代码200

错误日志 

r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/site-packages/requests/adapters.py", line 511, in send
raise SSLError(e, request=request)
SSLError: HTTPSConnectionPool(host='dev.domain.nl', port=443): Max retries exceeded with url: /ingestion?LrnDevEui=0059AC0000152A03&LrnFPort=1&LrnInfos=TWA_100006356.873.AS-1-135680630&AS_ID=testserver&Time=2018-06-22T11%3A41%3A08.163%2B02%3A00&Token=1765b08354dfdec (Caused by SSLError(SSLEOFError(8, u'EOF occurred in violation of protocol (_ssl.c:661)'),))

/usr/local/lib/python2.7/site-packages/urllib3/connectionpool.py:858:InsecureRequest警告:正在发出未经验证的HTTPS请求。强烈建议添加证书验证。参见:https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings   InsecureRequestWarning)

复制步骤 

import requests
from flask import Flask, request, jsonify
from requests import Request, Session

sess = requests.Session()
adapter = requests.adapters.HTTPAdapter(max_retries = 200)
sess.mount('http://', adapter)
sess.mount('https://', adapter)
sess.cert ='/usr/local/lib/python2.7/site-packages/certifi/cacert.pem'


def test_post():
    url = 'https://dev.domain.nl/ingestion/?'
    header = {'Content-Type': 'application/json', 'Accept': 'application/json'}
    response = sess.post(url, headers= header, params= somepara, data= json.dumps(data),verify=True)
    print response.status_code
    return response.status_code

def main():
    threading.Timer(10.0, main).start()
    test_post()

if __name__ == '__main__':
    main()
    app.run(host="0.0.0.0", debug=True, port=5001, threaded=True)

Docker文件

FROM python:2.7-alpine
COPY ./web /web
WORKDIR /web
RUN pip install -r requirements.txt

ENV FLASK_APP app.py

EXPOSE 5001
EXPOSE 443

CMD ["python", "app.py"]

1 个答案:

答案 0 :(得分:0)

问题可能出在缺少CA证书的Alpine Docker映像中。在笔记本电脑上,代码可以正常工作,因为它使用本地工作站上的CA证书。我认为在本地运行Docker映像也会失败-因此问题不是k8s。

尝试将以下行添加到Dockerfile:

RUN apk update && apk add ca-certificates && rm -rf /var/cache/apk/*

它将在容器内安装CA证书。

相关问题
最新问题