I am trying to write a pycurl script to access a secured site (HTTPS).
c = pycurl.Curl()
c.setopt(pycurl.USERAGENT, 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0)
You are right, the way you are doing it subjects you to a man-in-the-middle attack, especially in light of the most recent SSL vulnerabilities. You can resolve it as follows:
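import pycurl
curl = pycurl.Curl()
curl.setopt(pycurl.URL, "https://your-secure-website.com/")
# Verify the server certificate chain against the CA bundle given below.
curl.setopt(pycurl.SSL_VERIFYPEER, 1)
# Require the certificate to match the host name in the URL.
curl.setopt(pycurl.SSL_VERIFYHOST, 2)
# CA bundle used for chain verification.
curl.setopt(pycurl.CAINFO, "/path/to/updated-certificate-chain.crt")
curl.perform()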
curl by default comes with an outdated certificate list. Whether you want to update it or just use your own certs for testing, make sure to place the updated-certificate-chain.crt file in an accessible location and use the pycurl.CAINFO option to point to it.
Also make sure pycurl.SSL_VERIFYHOST is set to 2, the highest security check setting.
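Added example, not part of the original question or answer: a small static check that scans Python source for setopt() calls setting SSL_VERIFYPEER or SSL_VERIFYHOST to anything other than the values recommended above. The function name find_weak_tls_options and the SAMPLE source are constructed for illustration; the check only parses the code, so pycurl does not need to be installed.

```python
import ast

# Values the answer above recommends; any other literal is reported.
RECOMMENDED = {"SSL_VERIFYPEER": 1, "SSL_VERIFYHOST": 2}

def find_weak_tls_options(source):
    """Return sorted (line, option, value) tuples for setopt() calls that
    set a verification option to something other than RECOMMENDED."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call)
                and isinstance(node.func, ast.Attribute)
                and node.func.attr == "setopt"
                and len(node.args) == 2):
            continue
        opt, val = node.args
        # Option written as pycurl.NAME, handle.NAME, or a bare imported NAME.
        name = getattr(opt, "attr", None) or getattr(opt, "id", None)
        if name not in RECOMMENDED:
            continue
        if isinstance(val, ast.Constant) and isinstance(val.value, int):
            # bool is an int subclass: True == 1, False == 0.
            if int(val.value) != RECOMMENDED[name]:
                findings.append((node.lineno, name, repr(val.value)))
        else:
            # Not a literal integer: cannot be judged statically.
            findings.append((node.lineno, name, "<review>"))
    return sorted(findings)

# Constructed sample input (hypothetical script, parsed but never executed).
SAMPLE = '''\
import pycurl
c = pycurl.Curl()
c.setopt(pycurl.URL, "https://example.test/")
c.setopt(pycurl.SSL_VERIFYPEER, 0)
c.setopt(pycurl.SSL_VERIFYHOST, 1)
ok = pycurl.Curl()
ok.setopt(pycurl.SSL_VERIFYPEER, 1)
ok.setopt(pycurl.SSL_VERIFYHOST, 2)
ok.setopt(pycurl.SSL_VERIFYHOST, strict)
'''

if __name__ == "__main__":
    for line, name, value in find_weak_tls_options(SAMPLE):
        print(f"line {line}: {name} = {value}")
```

Entries marked <review> are values computed at run time, which need a manual look.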