2

When I try to access any HTTP website, even one of the most popular, I get a SSL warning from urllib3 module.

>>> import urllib3
>>> http = urllib3.PoolManager()
>>> http.request("GET", "https://www.google.de")
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
<urllib3.response.HTTPResponse object at 0x7f5251466c90>
>>>

Can somebody please help me getting this fixed?

Unfortunately I have to use a API that is apparently using urllib3 under the hood to do the actual REST calls.

So I have to get it fixed w/o avoiding urllib3 module. I've already checked the ca certificates using ssl.SSLContext.get_ca_certs() which contains the CA certificate. Doing the same with curl or openssl, works without any verification warnings.

Thanks in advance.

Alex
  • 53
  • 5
  • Why not just suppress the messages. https://stackoverflow.com/questions/27981545/suppress-insecurerequestwarning-unverified-https-request-is-being-made-in-pytho – scotts May 29 '20 at 22:34
  • 1
    Not only since the documentation of **urllib3** writes _Making unverified HTTPS requests is strongly discouraged_, I haveto get it working with the SSL certificate verified. I have to get notice, once there is something wrong with the certificate. – Alex May 29 '20 at 22:38
  • 1
    Did you try to follow the docs for Python 2 & urllib3? https://urllib3.readthedocs.io/en/latest/user-guide.html#certificate-verification-in-python-2 – schlenk May 29 '20 at 22:48

1 Answers1

1

The urllib3 docs explain how to explicitly specify a certificate bundle. You just have to pass the path to your certificates when you initialize PoolManager():

import urllib3

http = urllib3.PoolManager(
    cert_reqs="CERT_REQUIRED",
    ca_certs="/path/to/your/certificate_bundle"
)
resp = http.request("GET", "https://example.com")

By default it uses the certifi certificate bundle, so you shouldn't even have to do this unless you are using self-signed certificates or a private CA. If you are seeing this problem with popular sites, something is wrong with your CA related environment variables or your certifi bundle, or you are hitting a bug. Upgrade to the latest versions of certifi and urllib3. Some CA related behavior has also changed in recent versions.

Amit Naidu
  • 2,494
  • 2
  • 24
  • 32
  • 1
    Seems that I was really using a buggy version. Today I cannot reproduce the issue. But the hint with the explicit CA certificate bundle specificiation is really helpful. – Alex Aug 06 '22 at 12:09