ly0 / baidupcsapi

百度网盘api
MIT License
1.21k stars 234 forks source link

登陆失败报错证书校验失败 #67

Closed MasterColor closed 6 years ago

MasterColor commented 6 years ago

Traceback (most recent call last): File "C:\Python34\lib\site-packages\urllib3\connectionpool.py", line 601, in urlopen chunked=chunked) File "C:\Python34\lib\site-packages\urllib3\connectionpool.py", line 346, in _make_request self._validate_conn(conn) File "C:\Python34\lib\site-packages\urllib3\connectionpool.py", line 850, in _validate_conn conn.connect() File "C:\Python34\lib\site-packages\urllib3\connection.py", line 326, in connect sslcontext=context) File "C:\Python34\lib\site-packages\urllib3\util\ssl.py", line 329, in ssl_wrap_socket return context.wrap_socket(sock, server_hostname=server_hostname) File "C:\Python34\lib\ssl.py", line 344, in wrap_socket _context=self) File "C:\Python34\lib\ssl.py", line 540, in init self.do_handshake() File "C:\Python34\lib\ssl.py", line 767, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "C:\Python34\lib\site-packages\requests\adapters.py", line 440, in send timeout=timeout File "C:\Python34\lib\site-packages\urllib3\connectionpool.py", line 639, in urlopen _stacktrace=sys.exc_info()[2]) File "C:\Python34\lib\site-packages\urllib3\util\retry.py", line 388, in increment raise MaxRetryError(_pool, url, error or ResponseError(cause)) urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='passport.baidu.com', port=443): Max retries exceeded with url: /v2/api/?getapi&tpl=mn&apiver=v3&class=login&tt=1513825770&logintype=dialogLogin&callback=0 (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)'),))

During handling of the above exception, another exception occurred:

Traceback (most recent call last): File "<pyshell#7>", line 1, in pcs = PCS('xxxxxx','xxxxx') File "C:\Python34\lib\site-packages\baidupcsapi\api.py", line 501, in init verify_func=verify_callback) File "C:\Python34\lib\site-packages\baidupcsapi\api.py", line 169, in init self._initiate() File "C:\Python34\lib\site-packages\baidupcsapi\api.py", line 227, in _initiate self.user['token'] = self._get_token() File "C:\Python34\lib\site-packages\baidupcsapi\api.py", line 256, in _get_token time.time())).text.replace('\'', '\"') File "C:\Python34\lib\site-packages\requests\sessions.py", line 521, in get return self.request('GET', url, kwargs) File "C:\Python34\lib\site-packages\requests\sessions.py", line 508, in request resp = self.send(prep, send_kwargs) File "C:\Python34\lib\site-packages\requests\sessions.py", line 618, in send r = adapter.send(request, **kwargs) File "C:\Python34\lib\site-packages\requests\adapters.py", line 506, in send raise SSLError(e, request=request) requests.exceptions.SSLError: HTTPSConnectionPool(host='passport.baidu.com', port=443): Max retries exceeded with url: /v2/api/?getapi&tpl=mn&apiver=v3&class=login&tt=1513825770&logintype=dialogLogin&callback=0 (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:598)'),))

MasterColor commented 6 years ago

相关链接拷出来用postman 和浏览器都可以访问 https://passport.baidu.com/v2/api/?getapi&tpl=mn&apiver=v3&class=login&tt=1513826149&logintype=dialogLogin&callback=0

ly0 commented 6 years ago

参考 https://github.com/ly0/baidupcsapi/issues/38

MasterColor commented 6 years ago

为什么要这么做呢, 这个链接的证书不可信吗? 我改成http之后倒是可以用了 不会百度的 这种对外链接用的是 自签名证书吧

ly0 commented 6 years ago

倒不是baidu用自签,是库的锅,可以参考一下这个 https://github.com/requests/requests/issues/3859

MasterColor commented 6 years ago

那这个 有没有考虑过中间人攻击或者其他类似的 攻击场景呢

MasterColor commented 6 years ago

顺便问一句, 这个是百度网盘的官方SDK吗? 百度网盘有没有java SDK ,有没有接口文档?

ly0 commented 6 years ago

肯定不是官方的SDK啦,这个只是python的ssl库的一个bug,并不会导致MITM问题。 其他的不大清楚。