https – How do I disable the security certificate check in Python requests

ByMartin

https – How do I disable the security certificate check in Python requests

From the documentation:

requests can also ignore verifying the SSL certificate if you set
verify to False.

>>> requests.get(https://kennethreitz.com, verify=False)
<Response [200]>

If youre using a third-party module and want to disable the checks, heres a context manager that monkey patches requests and changes it so that verify=False is the default and suppresses the warning.

import warnings
import contextlib

import requests
from urllib3.exceptions import InsecureRequestWarning


old_merge_environment_settings = requests.Session.merge_environment_settings

@contextlib.contextmanager
def no_ssl_verification():
    opened_adapters = set()

    def merge_environment_settings(self, url, proxies, stream, verify, cert):
        # Verification happens only once per connection so we need to close
        # all the opened adapters once were done. Otherwise, the effects of
        # verify=False persist beyond the end of this context manager.
        opened_adapters.add(self.get_adapter(url))

        settings = old_merge_environment_settings(self, url, proxies, stream, verify, cert)
        settings[verify] = False

        return settings

    requests.Session.merge_environment_settings = merge_environment_settings

    try:
        with warnings.catch_warnings():
            warnings.simplefilter(ignore, InsecureRequestWarning)
            yield
    finally:
        requests.Session.merge_environment_settings = old_merge_environment_settings

        for adapter in opened_adapters:
            try:
                adapter.close()
            except:
                pass

Heres how you use it: 

with no_ssl_verification():
    requests.get(https://wrong.host.badssl.com/)
    print(It works)

    requests.get(https://wrong.host.badssl.com/, verify=True)
    print(Even if you try to force it to)

requests.get(https://wrong.host.badssl.com/, verify=False)
print(It resets back)

session = requests.Session()
session.verify = True

with no_ssl_verification():
    session.get(https://wrong.host.badssl.com/, verify=True)
    print(Works even here)

try:
    requests.get(https://wrong.host.badssl.com/)
except requests.exceptions.SSLError:
    print(It breaks)

try:
    session.get(https://wrong.host.badssl.com/)
except requests.exceptions.SSLError:
    print(It breaks here again)

Note that this code closes all open adapters that handled a patched request once you leave the context manager. This is because requests maintains a per-session connection pool and certificate validation happens only once per connection so unexpected things like this will happen:

>>> import requests
>>> session = requests.Session()
>>> session.get(https://wrong.host.badssl.com/, verify=False)
/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
<Response [200]>
>>> session.get(https://wrong.host.badssl.com/, verify=True)
/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
<Response [200]>

Use requests.packages.urllib3.disable_warnings() and verify=False on requests methods.

import requests
from urllib3.exceptions import InsecureRequestWarning

# Suppress only the single warning from urllib3 needed.
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)

# Set `verify=False` on `requests.post`.
requests.post(url=https://example.com, data={bar:baz}, verify=False)

https – How do I disable the security certificate check in Python requests

To add to Blenders answer, you can disable SSL certificate validation for all requests using Session.verify = False

import requests

session = requests.Session()
session.verify = False
session.post(url=https://example.com, data={bar:baz})

Note that urllib3, (which Requests uses), strongly discourages making unverified HTTPS requests and will raise an InsecureRequestWarning.

Leave a Reply

Your email address will not be published. Required fields are marked *