CODEWITHSUNDEEP
pythonssl
Deleted
Deleted

Reputation: 771

Python SSL error CERTIFICATE_VERIFY_FAILED

I have issue with requests to my school's website. I have searched online for the solution, while none of them works for me. I have installed certifi through pip, it doesn't work. I have reinstalled openssl, but it doesn't work.

>>> import ssl
>>> ssl.OPENSSL_VERSION
'OpenSSL 1.0.2l  25 May 2017'

Specifically, the SSL verification is the problem here. I can open the web page with my browser correctly without any warning with SSL, but I can't do with Python.

So, what should I do next? Hope someone can give me a little bit advices. Thanks a lot

Upvotes: 1

Views: 1869

Answers (1)

0x48piraj
0x48piraj

Reputation: 417

By reading the Python's requests docs,

I found the following, which stated :

When you are using the prepared request flow, keep in mind that it does not take into account the environment. This can cause problems if you are using environment variables to change the behaviour of requests. For example: Self-signed SSL certificates specified in REQUESTS_CA_BUNDLE will not be taken into account. As a result an SSL: CERTIFICATE_VERIFY_FAILED is thrown. You can get around this behaviour by explicity merging the environment settings into your session:

from requests import Request, Session

s = Session()
req = Request('GET', url)

prepped = s.prepare_request(req)

# Merge environment settings into session
settings = s.merge_environment_settings(prepped.url, None, None, None, None)
resp = s.send(prepped, **settings)

print(resp.status_code)

I recommend to read the docs because I just quoted a part of the original documentation.

Other than that,

Requests verifies SSL certificates for HTTPS requests, just like a web browser. By default, SSL verification is enabled, and Requests will throw a SSLError if it's unable to verify the certificate.

You can use verify parameter to provide the path to a CA_BUNDLE file or directory with certificates of trusted CA's:

>>> requests.get('https://your-school-website-url.com', verify='/path/to/cacert_file')

Requests can also ignore verifying the SSL certificate if you set verify to False:

>>> requests.get('https://kennethreitz.org', verify=False)
<Response [200]>

By default, verify is set to True. Option verify only applies to host certs.

Again, kindly read the docs.

Hope it helps !

Upvotes: 2

Related Questions