Python requests disable ssl verify

How do I disable certificate verification in the requests module?

How can I disable certificate verification at the level of the requests module itself, in its own files?
So that when any application using this module sends a GET request, the certificate is not verified.
In which file of this module can this be done?

Sir, I meant how to disable this check at the level of the library itself, so that this parameter always stays disabled, you understand? So that verify=False is the default.

3 Answers

I need to disable this check at the level of the module itself, not in my application, so that I don't have to keep specifying verify=False in the code

In your virtual environment, at this path (python3.6 may be different for you):

    venv/lib/python3.6/site-packages/requests/sessions.py

    def request(self, method, url, params=None, data=None, headers=None,
                cookies=None, files=None, auth=None, timeout=None,
                allow_redirects=True, proxies=None, hooks=None, stream=None,
                verify=None, cert=None, json=None):

change verify=None to verify=False. Although it's not a great idea.

I agree with @Jack_oS, it's not a great idea. After all, overriding lets you avoid touching the internals of packages.

Requests can also ignore verifying the SSL certificate if you set verify to False:

requests.get('https://kennethreitz.org', verify=False)

Note that when verify is set to False, requests will accept any TLS certificate presented by the server, and will ignore hostname mismatches and/or expired certificates, which will make your application vulnerable to man-in-the-middle (MitM) attacks. Setting verify to False may be useful during local development or testing.

Pass verify=False to skip certificate verification, but it is better to ship the certificate together with your application and give its path in the verify parameter.

The same parameter exists on the Session object. Create a session without verification and use it instead of the module.

    import requests

    session = requests.Session()
    session.verify = False  # Session() takes no arguments; verify is an attribute
    session.get('https://httpbin.org/cookies/set/sessioncookie/123456789')
    r = session.get('https://httpbin.org/cookies')


How do I disable the security certificate check in Python requests

but I get a request.exceptions.SSLError. The website has an expired certificate, but I am not sending sensitive data, so it doesn’t matter to me. I would imagine there is an argument like ‘verifiy=False’ that I could use, but I can’t seem to find it.

10 Answers

requests can also ignore verifying the SSL certificate if you set verify to False.

>>> requests.get('https://kennethreitz.com', verify=False)

If you’re using a third-party module and want to disable the checks, here’s a context manager that monkey patches requests and changes it so that verify=False is the default and suppresses the warning.

    import warnings
    import contextlib

    import requests
    from urllib3.exceptions import InsecureRequestWarning

    old_merge_environment_settings = requests.Session.merge_environment_settings

    @contextlib.contextmanager
    def no_ssl_verification():
        opened_adapters = set()

        def merge_environment_settings(self, url, proxies, stream, verify, cert):
            # Verification happens only once per connection so we need to close
            # all the opened adapters once we're done. Otherwise, the effects of
            # verify=False persist beyond the end of this context manager.
            opened_adapters.add(self.get_adapter(url))

            settings = old_merge_environment_settings(self, url, proxies, stream, verify, cert)
            settings['verify'] = False

            return settings

        requests.Session.merge_environment_settings = merge_environment_settings

        try:
            with warnings.catch_warnings():
                warnings.simplefilter('ignore', InsecureRequestWarning)
                yield
        finally:
            requests.Session.merge_environment_settings = old_merge_environment_settings

            for adapter in opened_adapters:
                try:
                    adapter.close()
                except:
                    pass

    with no_ssl_verification():
        requests.get('https://wrong.host.badssl.example/')
        print('It works')

        requests.get('https://wrong.host.badssl.example/', verify=True)
        print('Even if you try to force it to')

    requests.get('https://wrong.host.badssl.example/', verify=False)
    print('It resets back')

    session = requests.Session()
    session.verify = True

    with no_ssl_verification():
        session.get('https://wrong.host.badssl.example/', verify=True)
        print('Works even here')

    try:
        requests.get('https://wrong.host.badssl.example/')
    except requests.exceptions.SSLError:
        print('It breaks')

    try:
        session.get('https://wrong.host.badssl.example/')
    except requests.exceptions.SSLError:
        print('It breaks here again')

Note that this code closes all open adapters that handled a patched request once you leave the context manager. This is because requests maintains a per-session connection pool and certificate validation happens only once per connection so unexpected things like this will happen:

    >>> import requests
    >>> session = requests.Session()
    >>> session.get('https://wrong.host.badssl.example/', verify=False)
    /usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
      InsecureRequestWarning)
    >>> session.get('https://wrong.host.badssl.example/', verify=True)
    /usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
      InsecureRequestWarning)
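An added example, not part of the answers above or of requests itself: a small static check a reviewer can run over a code base to locate the three ways of switching verification off that this page shows (a verify=False argument, a verify attribute set to False, and a replaced merge_environment_settings). The SAMPLE source and the function names are constructed for illustration.

```python
import ast

# Constructed sample source covering the three patterns shown on this page.
SAMPLE = '''
import requests
requests.get("https://example.test", verify=False)
s = requests.Session()
s.verify = False
requests.Session.merge_environment_settings = patched
requests.get("https://example.test", verify="/etc/ssl/corp-ca.pem")
'''


def _is_false(node):
    # Only the literal False counts; a CA bundle path or True is fine.
    return isinstance(node, ast.Constant) and node.value is False


def find_disabled_verification(source, filename="<src>"):
    """Return sorted (line, reason) pairs for constructs that turn TLS checks off."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Call):
            for kw in node.keywords:
                if kw.arg == "verify" and _is_false(kw.value):
                    findings.append((node.lineno, "call passes verify=False"))
        elif isinstance(node, ast.Assign):
            for target in node.targets:
                if not isinstance(target, ast.Attribute):
                    continue
                if target.attr == "verify" and _is_false(node.value):
                    findings.append((node.lineno, "attribute verify set to False"))
                elif target.attr == "merge_environment_settings":
                    findings.append((node.lineno, "merge_environment_settings replaced"))
    return sorted(findings)


if __name__ == "__main__":
    for line, reason in find_disabled_verification(SAMPLE):
        print(f"line {line}: {reason}")
```

The check is syntactic: it does not see verification disabled through the environment or through a variable that happens to hold False at run time.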


Disable Python requests SSL validation for an imported module

I’m running a Python script that uses the requests package for making web requests. However, the web requests go through a proxy with a self-signed cert. As such, requests raises the following exception:

    requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",)

I know that SSL validation can be disabled in my own code by passing verify=False, e.g.: requests.get("https://www.google.com", verify=False). I also know that if I had the certificate bundle, I could set the REQUESTS_CA_BUNDLE or CURL_CA_BUNDLE environment variables to point to those files. However, I do not have the certificate bundle available.

How can I disable SSL validation for external modules without editing their code?

2 Answers

Note: This solution is a complete hack.

Short answer: Set the CURL_CA_BUNDLE environment variable to an empty string.

    $ python
    import requests
    requests.get('http://www.google.com')
    requests.get('https://www.google.com')
    ...
    File "/usr/local/lib/python2.7/site-packages/requests-2.17.3-py2.7.egg/requests/adapters.py", line 514, in send
        raise SSLError(e, request=request)
    requests.exceptions.SSLError: ("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",)

    $ CURL_CA_BUNDLE="" python
    import requests
    requests.get('http://www.google.com')
    requests.get('https://www.google.com')
    /usr/local/lib/python2.7/site-packages/urllib3-1.21.1-py2.7.egg/urllib3/connectionpool.py:852: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
      InsecureRequestWarning)

How it works

This solution works because Python requests overwrites the default value for verify from the environment variables CURL_CA_BUNDLE and REQUESTS_CA_BUNDLE , as can be seen here:

    if verify is True or verify is None:
        verify = (os.environ.get('REQUESTS_CA_BUNDLE') or
                  os.environ.get('CURL_CA_BUNDLE'))

The environment variables are meant to specify the path to the certificate file or CA_BUNDLE and are copied into verify . However, by setting CURL_CA_BUNDLE to an empty string, the empty string is copied into verify and in Python, an empty string evaluates to False .

Note that this hack only works with the CURL_CA_BUNDLE environment variable — it does not work with the REQUESTS_CA_BUNDLE . This is because verify is set with the following statement:

    verify = (os.environ.get('REQUESTS_CA_BUNDLE') or os.environ.get('CURL_CA_BUNDLE'))

It only works with CURL_CA_BUNDLE because '' or None is not the same as None or '', as can be seen below:

    print(repr(None or ""))  # Prints: ''
    print(repr("" or None))  # Prints: None
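An added example, not from the answer or from requests: the lookup quoted above modelled as a pure function, so each combination of the two variables can be checked and a process can detect at start-up that its environment leaves verification switched off. It models the statement as quoted on this page rather than any particular installed release; the fallback to a session default of True when the lookup yields None is an assumption of the model, and the sample environments are constructed.

```python
import os


def resolve_verify(verify, environ, session_default=True):
    """Model of the lookup quoted above; session_default is an assumption."""
    if verify is True or verify is None:
        verify = environ.get("REQUESTS_CA_BUNDLE") or environ.get("CURL_CA_BUNDLE")
    # Assumed merge step: nothing from caller or environment -> session default.
    return session_default if verify is None else verify


def env_disables_verification(environ):
    """True when the environment alone leaves verify falsy (no certificate check)."""
    return not resolve_verify(None, environ)


# Constructed environments covering the combinations discussed in the answer.
CASES = {
    "nothing set": {},
    "CURL empty": {"CURL_CA_BUNDLE": ""},
    "REQUESTS empty": {"REQUESTS_CA_BUNDLE": ""},
    "both empty": {"REQUESTS_CA_BUNDLE": "", "CURL_CA_BUNDLE": ""},
    "REQUESTS path, CURL empty": {"REQUESTS_CA_BUNDLE": "/etc/ssl/corp-ca.pem",
                                  "CURL_CA_BUNDLE": ""},
    "CURL path": {"CURL_CA_BUNDLE": "/etc/ssl/corp-ca.pem"},
}


def audit(cases=CASES):
    """Map each named environment to whether it switches verification off."""
    return {name: env_disables_verification(env) for name, env in cases.items()}


if __name__ == "__main__":
    for name, disabled in audit().items():
        print(f"{name:28} verification {'OFF' if disabled else 'on'}")
    # Start-up guard: fail closed if the real environment has the empty-string value.
    if env_disables_verification(os.environ):
        raise SystemExit("refusing to start: CURL_CA_BUNDLE is set but empty")
```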
