证书在 python3.13 下无法校验通过 #240
Description
$ python
Python 3.13.5 (main, Jun 21 2025, 09:35:00) [GCC 15.1.1 20250425] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import requests
>>> requests.get("https://github.com")
Traceback (most recent call last):
File "/usr/lib/python3.13/site-packages/urllib3/connectionpool.py", line 464, in _make_request
self._validate_conn(conn)
~~~~~~~~~~~~~~~~~~~^^^^^^
File "/usr/lib/python3.13/site-packages/urllib3/connectionpool.py", line 1093, in _validate_conn
conn.connect()
~~~~~~~~~~~~^^
File "/usr/lib/python3.13/site-packages/urllib3/connection.py", line 790, in connect
sock_and_verified = _ssl_wrap_socket_and_match_hostname(
sock=sock,
...<14 lines>...
assert_fingerprint=self.assert_fingerprint,
)
File "/usr/lib/python3.13/site-packages/urllib3/connection.py", line 969, in _ssl_wrap_socket_and_match_hostname
ssl_sock = ssl_wrap_socket(
sock=sock,
...<8 lines>...
tls_in_tls=tls_in_tls,
)
File "/usr/lib/python3.13/site-packages/urllib3/util/ssl_.py", line 480, in ssl_wrap_socket
ssl_sock = _ssl_wrap_socket_impl(sock, context, tls_in_tls, server_hostname)
File "/usr/lib/python3.13/site-packages/urllib3/util/ssl_.py", line 524, in _ssl_wrap_socket_impl
return ssl_context.wrap_socket(sock, server_hostname=server_hostname)
~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.13/ssl.py", line 455, in wrap_socket
return self.sslsocket_class._create(
~~~~~~~~~~~~~~~~~~~~~~~~~~~~^
sock=sock,
^^^^^^^^^^
...<5 lines>...
session=session
^^^^^^^^^^^^^^^
)
^
File "/usr/lib/python3.13/ssl.py", line 1076, in _create
self.do_handshake()
~~~~~~~~~~~~~~~~~^^
File "/usr/lib/python3.13/ssl.py", line 1372, in do_handshake
self._sslobj.do_handshake()
~~~~~~~~~~~~~~~~~~~~~~~~~^^
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: Missing Authority Key Identifier (_ssl.c:1028)Accesser 的日志:
2025-06-24 21:53:01 ERROR asyncio: Unhandled exception in client_connected_cb
transport: <_SelectorSocketTransport closed fd=10>
Traceback (most recent call last):
File "/usr/lib/python3.13/site-packages/accesser/__init__.py", line 163, in handle
await writer.wait_closed()
File "/usr/lib/python3.13/asyncio/streams.py", line 358, in wait_closed
await self._protocol._get_close_waiter(self)
File "/usr/lib/python3.13/site-packages/accesser/__init__.py", line 125, in handle
await writer.start_tls(context)
File "/usr/lib/python3.13/asyncio/streams.py", line 396, in start_tls
new_transport = await self._loop.start_tls( # type: ignore
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
...<3 lines>...
ssl_shutdown_timeout=ssl_shutdown_timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3.13/asyncio/base_events.py", line 1348, in start_tls
await waiter
File "/usr/lib/python3.13/asyncio/sslproto.py", line 581, in _on_handshake_complete
raise handshake_exc
File "/usr/lib/python3.13/asyncio/sslproto.py", line 563, in _do_handshake
self._sslobj.do_handshake()
~~~~~~~~~~~~~~~~~~~~~~~~~^^
File "/usr/lib/python3.13/ssl.py", line 951, in do_handshake
self._sslobj.do_handshake()
~~~~~~~~~~~~~~~~~~~~~~~~~^^
ssl.SSLError: [SSL: SSLV3_ALERT_CERTIFICATE_UNKNOWN] ssl/tls alert certificate unknown (_ssl.c:1028)
证书已经通过 trust anchor --store 导入。certifi.where() 展示的文件里也有 Accesser 的条目。