Verifying SSL Certificate Urllib2

Question

Verifying SSL Certificate Urllib2

I was trying to access web pages with expired / invalid certificates. When I access the URL from the browser, I get a security warning Your connection is not private

. But when I use python to access the same page, I don't get any errors. The code I used below is

import urllib2
url  = 'https://expired.badssl.com/' 
request = urllib2.Request(url) 
result = urllib2.urlopen(request)     
print (result.read())

Why am I not getting an SSL certificate error in urllib2?

UPDATE

I determined that the page being loaded was my web authentication page.

But when i use requests

i get SSL exception. why is urllib2 behavior different from request behavior?

+3

python ssl urllib2

Kajal 03 Aug 17 at 10:16

source to share

1 answer

Lehych · Answer 1 · 2017-09-19T15:41:59+0000

Python before 2.7.9 did not validate certificates.

Python 2.7.9 includes a number of network security enhancements that have been approved for inclusion in the servicing version of Python 2.7. PEP 476 modifies several standard library modules such as httplib, urllib2, and xmlrpclib, by default verifies certificates presented by servers over secure (TLS) connections.

from 2.7.14 installation notes.

Also see

PEP 476 - Enable Default Certificate Validation for HTTPS
PEP 493 - HTTPS Verification Migration Tools for Python 2.7
Documentation for ssl._https_verify_certificates https://docs.python.org/2.7/library/ssl.html#ssl._https_verify_certificates

Verifying SSL Certificate Urllib2

More articles: