1

Using the urllib3 library at work throws an SSL verification error. When I explicitly use urllib3, I know how to avoid it using:

import urllib3
c = urllib3.HTTPSConnectionPool('10.0.3.168', port=9001, cert_reqs='CERT_NONE', assert_hostname=False)
c.request('GET', '/')

as explained in Ignore certificate validation with urllib3

But when a library calls another library, which calls another that uses urllib3 inside it, I don't know how to avoid SSL verification. I think revising the code inside the .py files in the folder /somepath/anaconda3/lib/site-packages/urllib3 would solve the problem, but I cannot find which part I should revise.

user67275
  • Well, it's definitely possible to hack urllib3 to override assert_hostname to always be False, but that seems like a really bad solution, since it allows for insecure connections for all code using urllib3. It's also possible for it to default as False, but again, that would modify the expected behavior for all programs running on the box and you'd need to redo it every time you installed or updated urllib3. Are you able to get the actual hostname of that IP (the one that's on the cert) and use that in the call? If not, are you able to create a cert that's bound to the IP address? – Mark H Mar 06 '21 at 17:51
  • @MarkH could you please show how to override `assert_hostname` to always be `False`? – Test Aug 15 '22 at 08:29

1 Answer

-1

Try changing the connectionpool.py file. Look for the super().__init__ method and change this line:

  self.assert_hostname = assert_hostname

to

  self.assert_hostname = False
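
An alternative that leaves urllib3's files untouched and keeps verification on, in line with the concern raised in the comments (added example, not part of the original question or answer). It assumes the error comes from a server certificate signed by an internal CA, and that the intermediate libraries leave urllib3's CA settings at their defaults; the function names and file paths are hypothetical.

```python
import os
import ssl
import tempfile

def build_bundle(extra_ca_pem, bundle_path):
    """Write OpenSSL's built-in default CA file (if present) plus extra_ca_pem to bundle_path."""
    if not os.path.isfile(extra_ca_pem):
        raise FileNotFoundError(f"CA file not found: {extra_ca_pem}")
    # openssl_cafile is the compiled-in default and ignores any SSL_CERT_FILE already set,
    # so re-running this never nests an earlier bundle inside the new one.
    default_cafile = ssl.get_default_verify_paths().openssl_cafile
    chunks = []
    for path in (default_cafile, extra_ca_pem):
        if path and os.path.isfile(path):
            with open(path, "rb") as fh:
                chunks.append(fh.read().rstrip() + b"\n")
    with open(bundle_path, "wb") as fh:
        fh.writelines(chunks)
    return bundle_path

def trust_extra_ca(extra_ca_pem, bundle_path):
    """Point default-trust lookups at the bundle; call before the first HTTPS request."""
    bundle = os.path.abspath(build_bundle(extra_ca_pem, bundle_path))
    os.environ["SSL_CERT_FILE"] = bundle       # read by OpenSSL when default certs are loaded
    os.environ["REQUESTS_CA_BUNDLE"] = bundle  # requests otherwise hands urllib3 its own bundle
    return bundle

def default_context_verifies():
    """True if a freshly built default context still checks the chain and the hostname."""
    ctx = ssl.create_default_context()
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        ca = os.path.join(tmp, "corp-ca.pem")  # constructed stand-in for the real internal CA file
        with open(ca, "w") as fh:
            fh.write("# constructed placeholder; use the real PEM-encoded CA certificate\n")
        print(trust_extra_ca(ca, os.path.join(tmp, "bundle.pem")))
        print(default_context_verifies())
```

This only covers trust in the issuing CA. A hostname mismatch when connecting by IP address still needs the hostname on the certificate or a certificate bound to the IP, as the comment suggests.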