Reputation: 4849
We have this local site which has recently just updated its certificate. I saved the certificates in a certs.pem file and tried to connect to it with some tools. The operations below were done on an Ubuntu 14.10 box.
When I run:
openssl s_client -connect mylocalsite:8080 -verify 9 -CAfile certs.pem
I get Verify return code: 0 (ok), then I run:
wget https://mylocalsite:8080 --ca-certificate=certs.pem
I get:
--2016-06-15 01:53:00-- https://mylocalsite:8080/
Resolving mylocalsite (mylocalsite)... 10.41.13.26
Connecting to mylocalsite (mylocalsite)|10.41.13.26|:8080... connected.
So the certificate seems to work OK, then I use requests 2.10.0 with python 3.4.3 on the same box:
import requests
requests.get('https://mylocalsite:8080', verify='/path/to/certs.pem')
I get
requests.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)
I'm completely new to SSL related things. What could possibly go wrong here?
Thanks!
Upvotes: 2
Views: 2421
Reputation: 432
Looks like openssl s_client -connect is happy with "only" having the correct certificate, but you need to pass the whole chain to requests' verify parameter (though both are using the same library under the hood, of course).
SSL support in requests needs some serious revamp (and it's being worked on AFAIK)
Upvotes: 1
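The chain requirement from the answer above, reproduced offline as an added example (not code from either post): a throwaway root, intermediate and leaf are generated, then the leaf is checked against three candidate CA bundles. It assumes the openssl CLI is installed and models a server that sends only its leaf certificate; the names Demo Root, Demo Intermediate and the helper functions are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo PKI: "Demo Root" -> "Demo Intermediate" -> leaf for mylocalsite.
# All keys and certificates are throwaway sample values generated on the spot.

issue() {  # $1=dir $2=name $3=CN $4=extension file $5=issuer name ("" = self-signed) $6=serial
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    if [ -n "$5" ]; then
        openssl x509 -req -sha256 -days 2 -in "$1/$2.csr" -extfile "$1/$4" \
            -CA "$1/$5.pem" -CAkey "$1/$5.key" -set_serial "$6" -out "$1/$2.pem" 2>/dev/null
    else
        openssl x509 -req -sha256 -days 2 -in "$1/$2.csr" -extfile "$1/$4" \
            -signkey "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
    fi
}

make_chain() {  # $1 = output directory
    printf 'basicConstraints=critical,CA:TRUE\n' > "$1/ca.ext"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:mylocalsite\n' > "$1/leaf.ext"
    issue "$1" root "Demo Root" ca.ext "" 1
    issue "$1" int "Demo Intermediate" ca.ext root 2
    issue "$1" leaf mylocalsite leaf.ext int 3
    cat "$1/root.pem" "$1/int.pem" > "$1/full.pem"   # the "whole chain" bundle
}

verifies() {  # $1 = CA bundle, $2 = certificate; true only if a chain up to a root is built
    openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

report() {  # $1 = label, $2 = CA bundle, $3 = certificate
    if verifies "$2" "$3"; then echo "$1: OK"; else echo "$1: verify failed"; fi
}

demo=$(mktemp -d)
make_chain "$demo"
report "root only        " "$demo/root.pem" "$demo/leaf.pem"
report "intermediate only" "$demo/int.pem"  "$demo/leaf.pem"
report "root+intermediate" "$demo/full.pem" "$demo/leaf.pem"
```

Only the last bundle verifies; a file built like full.pem is what belongs in requests' verify= argument or wget's --ca-certificate when the server does not send its intermediates.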