Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

退款时报错 SSLError #587

Closed
wuyazi opened this issue Jul 8, 2020 · 14 comments
Closed

退款时报错 SSLError #587

wuyazi opened this issue Jul 8, 2020 · 14 comments
Labels
question T: 微信支付

Comments

@wuyazi
Copy link

wuyazi commented Jul 8, 2020
edited

问题描述 (Description)

调用退款功能的时候报错

配置信息 (Environment/Version)

  • OS
    Mac

  • Python
    3.6

  • wechatpy
    1.8.13

报错信息

Error handling request
Traceback (most recent call last):
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/urllib3/connectionpool.py", line 677, in urlopen
chunked=chunked,
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/urllib3/connectionpool.py", line 381, in _make_request
self._validate_conn(conn)
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/urllib3/connectionpool.py", line 976, in validate_conn
conn.connect()
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/urllib3/connection.py", line 370, in connect
ssl_context=context,
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/urllib3/util/ssl.py", line 365, in ssl_wrap_socket
context.load_cert_chain(certfile, keyfile)
ssl.SSLError: [SSL] PEM lib (_ssl.c:3401)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/requests/adapters.py", line 449, in send
timeout=timeout
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/urllib3/connectionpool.py", line 725, in urlopen
method, url, error=e, _pool=self, _stacktrace=sys.exc_info()[2]
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/urllib3/util/retry.py", line 439, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPSConnectionPool(host='api.mch.weixin.qq.com', port=443): Max retries exceeded with url: /secapi/pay/refund (Caused by SSLError(SSLError(336445449, '[SSL] PEM lib (_ssl.c:3401)'),))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/aiohttp/web_protocol.py", line 381, in start
resp = await self._request_handler(request)
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/aiohttp/web_app.py", line 310, in _handle
resp = await handler(request)
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/aiohttp/web_middlewares.py", line 88, in impl
return await handler(request)
File "/Users/wuyazi/italki/mississippi/src/middlewares/error.py", line 11, in middleware_handler
response = await handler(request)
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/aiohttp/web_urldispatcher.py", line 741, in _iter
resp = await method()
File "/Users/wuyazi/italki/mississippi/src/common/validate.py", line 31, in wrapper
return await func(self, *args, **kwargs)
File "/Users/wuyazi/italki/mississippi/src/apis/refund.py", line 35, in post
fee_type=params.get('fee_type', 'CNY'))
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/wechatpy/pay/api/refund.py", line 43, in apply
return self._post('secapi/pay/refund', data=data)
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/wechatpy/pay/base.py", line 18, in _post
return self._client.post(url, **kwargs)
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/wechatpy/pay/init.py", line 193, in post
**kwargs
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/wechatpy/pay/init.py", line 138, in _request
**kwargs
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/requests/sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/requests/sessions.py", line 643, in send
r = adapter.send(request, **kwargs)
File "/Users/wuyazi/.local/share/virtualenvs/mississippi-uec03K_7/lib/python3.6/site-packages/requests/adapters.py", line 514, in send
raise SSLError(e, request=request)
requests.exceptions.SSLError: HTTPSConnectionPool(host='api.mch.weixin.qq.com', port=443): Max retries exceeded with url: /secapi/pay/refund (Caused by SSLError(SSLError(336445449, '[SSL] PEM lib (_ssl.c:3401)'),))
@wuyazi wuyazi added the bug label Jul 8, 2020
@LKI
Copy link
Collaborator

LKI commented Jul 8, 2020

微信退款需要用到 ssl 证书,这个报错应该是证书没有指定正确的证书。
需要去微信支付后台下载 API 证书,然后通过 wechatpy 传参指定:WeChatPay(..., mch_cert='/tmp/wechat.crt', mch_key='/tmp/wechat.key')

@LKI LKI added the question label Jul 8, 2020
@wuyazi
Copy link
Author

wuyazi commented Jul 9, 2020
edited

微信退款需要用到 ssl 证书,这个报错应该是证书没有指定正确的证书。
需要去微信支付后台下载 API 证书,然后通过 wechatpy 传参指定:WeChatPay(..., mch_cert='/tmp/wechat.crt', mch_key='/tmp/wechat.key')

@LKI
我已经指定证书了,难道是生成的 证书不对?

@LKI
Copy link
Collaborator

LKI commented Jul 9, 2020

唔,这个你可以确认一下 API 证书的版本。
还有验证证书会用到系统上的 openssl,你也可以看看是不是 openssl 版本更新以后会有用,
我本机上的 openssl 版本是 1.1.1d 是可以的。

❯ openssl version
OpenSSL 1.1.1d  10 Sep 2019

(可以用 docker 跑一个其它系统控制变量法 debug 一下)

@wuyazi
Copy link
Author

wuyazi commented Jul 10, 2020

@LKI
OpenSSL 1.1.0l 10 Sep 2019 和 OpenSSL 1.1.1g 21 Apr 2020 试过都不行

@messense
Copy link
Member

@wuyazi 贴一下你初始化 WeChatPay 部分的代码。

@messense
Copy link
Member

大概率是你传入的证书不对。
https://stackoverflow.com/questions/30109449/what-does-sslerror-ssl-pem-lib-ssl-c2532-mean-using-the-python-ssl-libr

@wuyazi
Copy link
Author

wuyazi commented Jul 10, 2020

@LKI

        wechat_pay_obj = iTalkiWeChatPay(app_id, api_key, mch_id, mch_cert=mch_cert_path, mch_key=mch_key_path)
        # 发起退款
        refund_result = wechat_pay_obj.refund.apply(total_fee=params.get('total_fee', 0),
                                                    refund_fee=params.get('refund_fee', 0),
                                                    out_refund_no=params.get('out_refund_no', ''),
                                                    transaction_id=params.get('transaction_id', ''),
                                                    fee_type=params.get('fee_type', 'CNY'))

iTalkiWeChatPay 继承自 WeChatPay,支付是好用的,没用到证书

@wuyazi
Copy link
Author

wuyazi commented Jul 10, 2020
edited

我在 https://pay.weixin.qq.com/wiki/doc/api/app/app.php?chapter=20_1 测试的签名是通过的

@wuyazi
Copy link
Author

wuyazi commented Jul 10, 2020

证书是 apiclient_cert.p12 和 apiclient_key.pem

@wuyazi
Copy link
Author

wuyazi commented Jul 10, 2020

@LKI
https://pay.weixin.qq.com/wiki/doc/api/native.php?chapter=10_4
这个需要设置吗

@messense
Copy link
Member

证书是 apiclient_cert.p12 和 apiclient_key.pem

应该用 apiclient_cert.pem 而不是 apiclient_cert.p12

@wuyazi
Copy link
Author

wuyazi commented Jul 10, 2020

@LKI
可以了,多谢了!!!
微信这个文档我也是醉了。

Pasted Graphic

@messense
Copy link
Member

.p12 的文件里面包含了公钥和私钥,Python requests 包不支持这样的有密码的证书

@messense messense mentioned this issue Jul 10, 2020
Closed
@LKI
Copy link
Collaborator

LKI commented Jul 10, 2020

@wuyazi 解決了就好~

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question T: 微信支付
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@messense @LKI @wuyazi