How to Use SSLContext with Python Requests Library?

Question

The certifi library often runs into issues with domain certificates, but in the standard urllib.request library has no issue.

If I set the context to use the certifi's file, I get the SSL error,

import ssl
import certifi
import requests.urllib as urlrq

resp = urlrq.urlopen(url="https://<web address>/rest/info?f=json", 
                                  context=ssl.create_default_context(cafile=certifi.where()))

if I use the standard library and set the context as follows:

import ssl
import certifi
import requests.urllib as urlrq

resp = urlrq.urlopen(url="https://<web address>/rest/info?f=json", 
                                  context=ssl.SSLContext(ssl.PROTOCOL_TLSv1))

No SSL error.

How can I get requests to honor this SSLContext?

score 2 · Answer 1 · answered Sep 25 '20 at 14:14

2

Creating an ssl.SSLContext() on its own doesn't enable certificate verification or load CA certificates by default. This is why you're not seeing SSL errors. Using ssl.create_ssl_context() does set verification by default.

So the issue here isn't with SSLContext or certifi, it's with the website's certificate and how you're constructing your SSLContext. Next step would be to look into why the certificate the website is presenting isn't valid.

answered Sep 25 '20 at 14:14

sethmlarson

923
8
21

is there a way to garnish more information from urllib3/requests on what is the cause of the error? – JabberJabber Sep 25 '20 at 15:37
1

Exact error message from requests: (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'), – JabberJabber Sep 25 '20 at 16:01

How to Use SSLContext with Python Requests Library?

1 Answers1