Python Requests Do Not Verify SSL
Python Requests is a popular library used for making HTTP requests in Python. It is very easy to use and has a lot of features, including support for SSL/TLS encryption. However, by default, the library does not verify SSL certificates for HTTPS connections. This can be a security risk in certain situations, as it leaves you vulnerable to man-in-the-middle attacks.
Why Doesn't Python Requests Verify SSL?
Python Requests does not verify SSL certificates by default because there are many cases where you may want to make an HTTPS connection without verifying the certificate. For example, if you are making a request to a local development server that is using a self-signed certificate, verifying the certificate would cause the request to fail.
How to Verify SSL Certificates with Python Requests
If you want to verify SSL certificates when making HTTPS requests with Python Requests, you can pass the verify parameter to the requests.get() function. The verify parameter should be set to True to enable certificate verification.
import requests
response = requests.get('https://example.com', verify=True)
If the SSL certificate cannot be verified, Python Requests will raise a requests.exceptions.SSLError exception.
Disabling SSL Certificate Verification
If you want to disable SSL certificate verification altogether, you can pass the verify parameter as False. This is not recommended, as it leaves you vulnerable to man-in-the-middle attacks.
import requests
response = requests.get('https://example.com', verify=False)
Using a Custom Certificate Authority
If you want to use a custom certificate authority to verify SSL certificates, you can pass the path to the CA bundle file as the verify parameter. This is useful if you are connecting to a server that is using a certificate signed by a custom CA that is not trusted by the system CA store.
import requests
response = requests.get('https://example.com', verify='/path/to/ca-bundle.crt')
You can generate a custom CA bundle file using tools such as cURL's caextract utility.
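To audit a code base for the three verify forms shown above, the following added example (not part of the original page) walks Python source with the standard ast module and reports where verification is switched off or cannot be determined statically. The names find_unverified and SAMPLE are assumptions made for this example, the sample source is constructed, and the check is a heuristic that matches any call carrying a verify keyword, not only Requests calls.

```python
import ast

# Constructed sample source, embedded so the example runs offline.
SAMPLE = '''
import requests
requests.get("https://example.com", verify=True)
requests.get("https://example.com", verify=False)
requests.post("https://example.com", data={}, verify="/path/to/ca-bundle.crt")
s = requests.Session()
s.verify = False
flag = False
requests.get("https://example.com", verify=flag)
'''

def find_unverified(source):
    """Return sorted (line, finding) pairs for disabled or unclear TLS verification."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            for kw in node.keywords:
                if kw.arg != "verify":
                    continue
                if isinstance(kw.value, ast.Constant):
                    # True or a CA bundle path keeps verification on.
                    if kw.value.value is False:
                        findings.append((node.lineno, "verify=False"))
                else:
                    # A variable or expression needs a human to trace its value.
                    findings.append((node.lineno, "verify is dynamic, review"))
        elif isinstance(node, ast.Assign):
            # Catches session-wide settings such as s.verify = False.
            for target in node.targets:
                if (isinstance(target, ast.Attribute) and target.attr == "verify"
                        and isinstance(node.value, ast.Constant)
                        and node.value.value is False):
                    findings.append((node.lineno, ".verify = False"))
    return sorted(findings)

if __name__ == "__main__":
    for line, finding in find_unverified(SAMPLE):
        print(f"line {line}: {finding}")
```

Run it in CI over each source file's contents and fail the build on any finding that is not explicitly justified, for example a development-only client talking to a self-signed local server.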