Python SSL 套接字:接受自签名证书

问题描述 投票:0回答:1

我正在尝试使用 Python 的 ssl 模块构建一个简单的客户端-服务器应用程序。运行此处(here)提供的示例代码时,客户端失败,提示由于自签名证书导致证书验证失败。我通过 `context.load_verify_locations("/home/vincent/work/CA/2/AllIO_Dev_CA_2.crt")` 提供了自签名的根 CA 证书。在服务器端,证书文件同时包含服务器证书和自签名的 CA 证书,并按正确顺序排列(先服务器证书,后 CA 证书)。为了在 Python 之外解决这个错误,我还把自签名的根 CA 证书添加到了操作系统的受信任 CA 证书列表中。我需要怎么做才能允许使用自签名证书进行连接?由于这只是概念验证,目前无法考虑购买受信任的证书。

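# 服务器.py (server.py)
import socket
import ssl


def deal_with_client(connstream):
    """Read from one TLS connection until the peer closes it or work is done.

    Args:
        connstream: An already-handshaken TLS socket for a single client.

    Data is read in chunks of up to 1024 bytes and handed to ``do_something``,
    which is not shown on this page and must be supplied by the application.
    The loop stops when ``recv`` returns empty data or when ``do_something``
    returns a falsy value.
    """
    data = connstream.recv(1024)
    # Empty data means the client is finished with us.
    while data:
        if not do_something(connstream, data):
            # do_something returns False when we are finished with the client.
            break
        data = connstream.recv(1024)


# Server-side context: presents the certificate chain (server certificate
# first, then the CA certificate) together with the matching private key.
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
context.load_cert_chain(certfile="/home/vincent/work/CA/2/Dev_Server_2_Chain.crt",
                        keyfile="/home/vincent/work/CA/2/Dev_Server_2.pem")

bindsocket = socket.socket()
bindsocket.bind(('vm-kubuntu-23', 10023))
bindsocket.listen(5)

while True:
    newsocket, fromaddr = bindsocket.accept()
    try:
        connstream = context.wrap_socket(newsocket, server_side=True)
    except OSError as exc:
        # ssl.SSLError is an OSError subclass. A client that rejects the server
        # certificate aborts the handshake; without this handler that single
        # failed handshake would terminate the accept loop and leak newsocket.
        print("TLS handshake with", fromaddr, "failed:", exc)
        newsocket.close()
        continue
    try:
        deal_with_client(connstream)
    finally:
        try:
            connstream.shutdown(socket.SHUT_RDWR)
        except OSError:
            # The peer may already have closed the connection; closing our
            # side below is still required.
            pass
        connstream.close()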

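# 客户端.py (client.py)
import pprint
import socket
import ssl

import yaml  # kept from the original listing; nothing in this script uses it

# Private CA file the client trusts, and the server endpoint.
CA_FILE = "/home/vincent/work/CA/2/Dev_CA_2.crt"
SERVER_HOST = "vm-kubuntu-23"
SERVER_PORT = 10023

# PROTOCOL_TLS_CLIENT enables certificate verification (CERT_REQUIRED) and
# host-name checking by default. Only CA_FILE is loaded as a trust anchor, so
# the client accepts nothing but certificates that chain to this private CA.
# The original also called ssl.create_default_context() first, but that
# context was overwritten immediately and never used.
context = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
context.load_verify_locations(CA_FILE)
print(context.get_ca_certs())

# NOTE(review): the traceback on this page ends in "self-signed certificate",
# and the get_ca_certs() output shows the CA's subject CN is 'vm-kubuntu-23',
# the same name the server certificate is issued for. When a leaf
# certificate's subject DN equals its issuer DN, OpenSSL appears to treat it
# as self-issued and report this error instead of chaining it to the CA.
# Giving the CA its own distinct subject and re-issuing the server certificate
# is the likely fix; confirm with
# `openssl verify -CAfile <ca.crt> <server.crt>`.
# Keep verification and host-name checking enabled rather than switching them
# off to get past the error.

with context.wrap_socket(socket.socket(socket.AF_INET),
                         server_hostname=SERVER_HOST) as conn:
    conn.connect((SERVER_HOST, SERVER_PORT))
    cert = conn.getpeercert()
    pprint.pprint(cert)
    # sendall() requires bytes in Python 3; passing a str raises TypeError.
    conn.sendall(b"Test Message 101r\n")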

python3 client.py 
[{'subject': ((('commonName', 'vm-kubuntu-23'),),), 'issuer': ((('commonName', 'vm-kubuntu-23'),),), 'version': 3, 'serialNumber': '3C337F71CFD1EA6D', 'notBefore': 'Nov  3 18:27:00 2023 GMT', 'notAfter': 'Nov  3 18:27:00 2033 GMT'}]
Traceback (most recent call last):
  File "/home/vincent/work/switchFrontpanel/application/networkDemo/client2.py", line 12, in <module>
    conn.connect(("vm-kubuntu-23", 10023))
  File "/usr/lib/python3.11/ssl.py", line 1379, in connect
    self._real_connect(addr, False)
  File "/usr/lib/python3.11/ssl.py", line 1370, in _real_connect
    self.do_handshake()
  File "/usr/lib/python3.11/ssl.py", line 1346, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1002)
Dev_CA_2.crt

-----BEGIN CERTIFICATE----- MIIDJDCCAgygAwIBAgIIPDN/cc/R6m0wDQYJKoZIhvcNAQELBQAwGDEWMBQGA1UE AxMNdm0ta3VidW50dS0yMzAeFw0yMzExMDMxODI3MDBaFw0zMzExMDMxODI3MDBa MBgxFjAUBgNVBAMTDXZtLWt1YnVudHUtMjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDKrrfoFaUwL9V/EIsc+/+XV52bcvrUcL4no/QUzt0VrWuOLWl1 t08Fzs0Trvrc6Dw13Lhkzdtw/Vxn2hYLTe3XW//zcJcXjqSPC6wQnr4YYWxh0SRm Hj4gcH3MIlX7b83ykaTx2aNvwA0CRvZP30emy4U50LMnyO2nLMuTym4gAwS9FARK BX0sJO5TR5xAPEQ27IT7X1N6yKjfHpDGD1HKXr9QqwtpJ/Cug3hzzwcYr3qH5Ot+ IXQ5wfme/xdOcCgNSPzLPTng2raU3EfPb/F/0SRzoxt46VqL1Hb9pfLhxazqVYFE Jk6ZJHInGDQXNAuvkHM3H5ctKbO/SvuBc1DtAgMBAAGjcjBwMA8GA1UdEwEB/wQF MAMBAf8wHQYDVR0OBBYEFHWcCma48vOOcyHgUA8Vql/dI91pMAsGA1UdDwQEAwIB BjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZp Y2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAU2AByG3zVeA3Xdy1CcWaNH6pzXYKui4+ imLgPgTO7Epx61sENoIszbTbiYvgEqJvHqE7kv2ZU45Z5yE75Dl3t5hoGxfrf5Wm LWrEWMNLKyqJ7fEHYdPrOYu81Y1hPWKrPir5cnyHhgYSJtK7DkmBan5JGSUwKGeg WvM3GcEUvYksCW17eJlFEnVYjQ5AZuk9Pu4R2/ElgFT4dGQcMHdktvs6iWzxy5Fc OSCT1aZp+0p5300kszIg2GjVYLRe1Qi8ikO0JN4T8RjCp8bD9VvLB+RikutYu5fP OOQoU3q/QxTqPmaRYG/yscgbfv7e+OqPq5Xe5K/N/SK/Cif+5SLVMA== -----END CERTIFICATE-----

Dev_Server_2_Chain.crt

-----BEGIN CERTIFICATE----- MIIDUjCCAjqgAwIBAgIIR0ITHughgqswDQYJKoZIhvcNAQELBQAwGDEWMBQGA1UE AxMNdm0ta3VidW50dS0yMzAeFw0yMzExMDMxODMwMDBaFw0yNDExMDIxODMwMDBa MBgxFjAUBgNVBAMTDXZtLWt1YnVudHUtMjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQC9D3zzuArbmXHvSSHOswvD2f1Rl4dvWO8xc4aE08j16MQoZlF0 zoR4+ZT6NIKRpqXcT6sH3CYCYtLLgv0VtifPz5DjvNW/coSMiA/HtgO8f6wP8PNM Zg0Si0O2Nn2obDVMJrb2kRKwevpjXwlzsIbHVYKvc95/Ftg0Dr6eef7M+sHDoDxo AyOp0xC+CcWo8czXg3GroF473DG1yjhwIR8JeyxQySw2AOchts9IgJXxAqD/RxxN 6DKSsrBu1LGUIY6yRP7T/vrWq6eQ8eQYxwVYjJ2R6KK7qk48BWrgSbSVuntyMU0s aQ5y5HByIV0ol0JsQ4a6gH1EeS5LyGkVbkEpAgMBAAGjgZ8wgZwwDAYDVR0TAQH/ BAIwADAdBgNVHQ4EFgQUfx7HNm4PuVTkGq+jM12yvtaeT+AwCwYDVR0PBAQDAgPo MBMGA1UdJQQMMAoGCCsGAQUFBwMBMBgGA1UdEQQRMA+CDXZtLWt1YnVudHUtMjMw EQYJYIZIAYb4QgEBBAQDAgZAMB4GCWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNh dGUwDQYJKoZIhvcNAQELBQADggEBAMMkq51jSG9Qa5/NMMbglhmdpLeRCOIhE5+h VnBAhfsJG18de225Un9Om2xmhcwOKNcBQhfrDKppNkCpr5JI5lNHp2d6K1in5Qw5 c+z4ziDCGSGypH2rezx6rNUwVvtKf1rpZo+68W1X9qyyaRGgrPUCrGiuXgpo733B o3GX9sC0FzrCZ2e8b6chCo6gVWQW3DX6KqXYJsanqnSFpnA65TtAxMStWj/l7gWT XdqfZ8OtxA4vYW27+WbSOgCmmMXkKGiGoRfxODp2KwbYHuyg5kLyLSJ4VxJQ2xbK AXUIdXSXvmLxNvsSqwh+519KwknYlYR6MuEpptGxMC+B8X04VIc= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDJDCCAgygAwIBAgIIPDN/cc/R6m0wDQYJKoZIhvcNAQELBQAwGDEWMBQGA1UE AxMNdm0ta3VidW50dS0yMzAeFw0yMzExMDMxODI3MDBaFw0zMzExMDMxODI3MDBa MBgxFjAUBgNVBAMTDXZtLWt1YnVudHUtMjMwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQDKrrfoFaUwL9V/EIsc+/+XV52bcvrUcL4no/QUzt0VrWuOLWl1 t08Fzs0Trvrc6Dw13Lhkzdtw/Vxn2hYLTe3XW//zcJcXjqSPC6wQnr4YYWxh0SRm Hj4gcH3MIlX7b83ykaTx2aNvwA0CRvZP30emy4U50LMnyO2nLMuTym4gAwS9FARK BX0sJO5TR5xAPEQ27IT7X1N6yKjfHpDGD1HKXr9QqwtpJ/Cug3hzzwcYr3qH5Ot+ IXQ5wfme/xdOcCgNSPzLPTng2raU3EfPb/F/0SRzoxt46VqL1Hb9pfLhxazqVYFE Jk6ZJHInGDQXNAuvkHM3H5ctKbO/SvuBc1DtAgMBAAGjcjBwMA8GA1UdEwEB/wQF MAMBAf8wHQYDVR0OBBYEFHWcCma48vOOcyHgUA8Vql/dI91pMAsGA1UdDwQEAwIB BjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZp 
Y2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAU2AByG3zVeA3Xdy1CcWaNH6pzXYKui4+ imLgPgTO7Epx61sENoIszbTbiYvgEqJvHqE7kv2ZU45Z5yE75Dl3t5hoGxfrf5Wm LWrEWMNLKyqJ7fEHYdPrOYu81Y1hPWKrPir5cnyHhgYSJtK7DkmBan5JGSUwKGeg WvM3GcEUvYksCW17eJlFEnVYjQ5AZuk9Pu4R2/ElgFT4dGQcMHdktvs6iWzxy5Fc OSCT1aZp+0p5300kszIg2GjVYLRe1Qi8ikO0JN4T8RjCp8bD9VvLB+RikutYu5fP OOQoU3q/QxTqPmaRYG/yscgbfv7e+OqPq5Xe5K/N/SK/Cif+5SLVMA== -----END CERTIFICATE-----

备注:由于这些证书纯粹用于测试目的,之后会被废弃,所以我不介意公开它们。

python sockets ssl ssl-certificate self-signed