8

I'm attempting to download some data from an internal server using Python. Since it's internal, it uses a self-signed certificate. (We don't want to pay Verisign for servers that will never appear "in the wild.") The Python 2.6 version of the code worked fine.

response = urllib2.urlopen(URL)
data = csv.reader(response)

I'm now trying to update to Python 3.4 (long story, don't ask.) However, using Python 3's urllib fails:

response = urllib.request.urlopen(URL)

It throws a CERTIFICATE_VERIFY_FAILED error.

urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)>

In reading around the web, apparently Python 2.6 urllib2 doesn't bother to verify certificates. Some versions of urllib allow "verify=False" to be passed to the method signature, but that doesn't appear to work in Python 3.4.

Does anyone know how I can get around this? I'd like to avoid using the Requests package because of corporate security guidelines.

Nathaniel Ford
  • 18,661
  • 20
  • 81
  • 93
vaFyreHeart
  • 255
  • 1
  • 3
  • 12

3 Answers3

16

Use following for disabling SSL certificate validation for a URL

import ssl
myssl = ssl.create_default_context();
myssl.check_hostname=False
myssl.verify_mode=ssl.CERT_NONE
urlopen("URL",context=myssl)

Use following to disable SSL certificate validations for all URLs

 ssl._create_default_https_context = ssl._create_unverified_context
 urlopen("URL");
gcamargo
  • 3,071
  • 2
  • 20
  • 32
Sanj
  • 3,661
  • 2
  • 23
  • 26
4

urllib.request.urlopen has a context keyword parameter that accepts an SSLContext object. So, passing a SSLContext object with .verify_mode set to ssl.CERT_NONE i.e. SSLContext.verify_mode = ssl.CERT_NONE should be equal to verify=False

Muhammad Tahir
  • 4,846
  • 1
  • 16
  • 34
0

With urllib3 :

import urllib3

urllib3.disable_warnings()

http.request('GET', 'https://example.org')
Skippy le Grand Gourou
  • 5,996
  • 4
  • 52
  • 70