0

I am trying to use hash-buster and making requests from my server to database's of hash-buster. and each time I get this error:

Hash function : MD5
/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning

I am new in python 3 also in Ubuntu(19.04). Please help me about adding certificate in my server, actually I need a step by step guide to install and activate it (or whatever).

I found my certifications in my server: (etc/ssl/certs/ca-certificates.crt). Is it possible to use my own certifications?

I hope my questions is clear, please feel free to ask me questions to make it clearer.

MSH Developer
  • 73
  • 1
  • 15

1 Answers1

2

I am trying to use hash-buster....

I'm assuming that you mean this project.

... Unverified HTTPS request is being made. Adding certificate verification is strongly advised. ...

The code contains the following line, which probably is the reason for this warning:

response = requests.get('https://www.nitrxgen.net/md5db/' + hashvalue, verify=False).text

So it is explicitly disabling certificate validation here with verify=False. Given that there are other HTTPS requests in the code and this one is the only one with certificate validation disabled, it is likely to work around a problem with the site.

And, the SSLLabs report for www.nitrxgen.net shows that that the site is not properly configured:

This server's certificate chain is incomplete. Grade capped to B.

This incomplete certificate chain causes requests to fail. To work around the broken site one need to either import the missing chain certificate in the trust store or have it explicitly trusted by the code.

Since there are many similar questions already I don't want to repeat all the details. See for example Python requests SSL error - certificate verify failed , Python Requests getting SSLerror, SSL error with Python requests despite up-to-date dependencies for more.

Steffen Ullrich
  • 114,247
  • 10
  • 131
  • 172
  • hi, this api does not force ssl so scripts can also use a http:// option which may be a lot faster especially if the script will be requesting several times per second, however, i didn't realise the certificate chain could be an issue (i own nitrxgen.net and created the api, but i did not write the python script in question but i assume whoever wrote it did not have such errors), i'll look into the certs regardless, thanks – nxasdf Jun 10 '21 at 18:04