这个错误通常是由于TLS/SSL版本或配置问题导致的。以下是几种常见的解决方法:
1. 降低TLS版本要求
如果你的Python环境较旧或MinIO服务器配置了严格的TLS要求:
from minio import Minio
import ssl
# 创建自定义SSL上下文
ssl_context = ssl.create_default_context()
ssl_context.check_hostname = False
ssl_context.verify_mode = ssl.CERT_NONE
client = Minio(
'play.min.io',
access_key='your-access-key',
secret_key='your-secret-key',
secure=True, # 使用HTTPS
http_client=Minio.http.HTTPClient(
timeout=30,
ssl_context=ssl_context
)
)
2. 指定TLS版本
明确指定TLS版本:
import ssl
from minio import Minio
from urllib3.poolmanager import PoolManager
class SSLAdapter:
def __init__(self):
self.ssl_context = ssl.create_default_context()
# 明确指定TLS版本
self.ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
self.ssl_context.maximum_version = ssl.TLSVersion.TLSv1_3
def __call__(self, *args, **kwargs):
kwargs['ssl_context'] = self.ssl_context
return PoolManager(*args, **kwargs)
client = Minio(
'play.min.io',
access_key='your-access-key',
secret_key='your-secret-key',
secure=True,
http_client=Minio.http.HTTPClient(
timeout=30,
pool_manager=SSLAdapter()
)
)
3. 更新依赖包
确保你的Python包是最新版本:
pip install --upgrade minio urllib3 certifi
4. 使用不安全的连接(仅测试环境)
如果是在测试环境中,可以暂时使用HTTP:
client = Minio(
'localhost:9000',
access_key='your-access-key',
secret_key='your-secret-key',
secure=False # 使用HTTP
)
5. 检查系统SSL证书
更新系统的证书包:
# Ubuntu/Debian
sudo apt-get update
sudo apt-get install ca-certificates
# CentOS/RHEL
sudo yum update ca-certificates
# 或者在Python代码中指定证书路径
import certifi
import ssl
ssl_context = ssl.create_default_context(cafile=certifi.where())
6. 完整示例代码
import ssl
from minio import Minio
from urllib3.poolmanager import PoolManager
def create_minio_client(endpoint, access_key, secret_key):
"""创建MinIO客户端连接"""
# 方法1:自定义SSL上下文
ssl_context = ssl.create_default_context()
ssl_context.minimum_version = ssl.TLSVersion.TLSv1_2
try:
client = Minio(
endpoint=endpoint,
access_key=access_key,
secret_key=secret_key,
secure=True,
http_client=Minio.http.HTTPClient(
ssl_context=ssl_context,
timeout=30,
retries=3
)
)
# 测试连接
client.list_buckets()
print("连接成功!")
return client
except Exception as e:
print(f"连接失败: {e}")
# 方法2:尝试不验证证书(仅测试环境)
if "test" in endpoint or "localhost" in endpoint:
ssl_context = ssl._create_unverified_context()
client = Minio(
endpoint=endpoint,
access_key=access_key,
secret_key=secret_key,
secure=True,
http_client=Minio.http.HTTPClient(
ssl_context=ssl_context,
timeout=30
)
)
return client
raise
# 使用示例
client = create_minio_client(
endpoint='your-minio-server:9000',
access_key='your-access-key',
secret_key='your-secret-key'
)
7. 环境变量设置
可以设置环境变量来调整SSL行为:
# Linux/Mac
export SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
export REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt
# Windows
set SSL_CERT_FILE=C:\path\to\cacert.pem
set REQUESTS_CA_BUNDLE=C:\path\to\cacert.pem
排查步骤:
先尝试使用HTTP连接确认网络可达
检查MinIO服务器TLS配置
更新Python和所有相关包
检查防火墙和网络策略
使用
openssl s_client -connect host:port测试TLS握手
选择哪种方法取决于你的具体环境和安全要求。生产环境建议使用前两种方法,测试环境可以使用第四种方法临时绕过。
