Verifying SSL Certificate Urllib2
I was trying to access web pages with expired / invalid certificates. When I access the URL from the browser, I get a security warning Your connection is not private
. But when I use python to access the same page, I don't get any errors. The code I used below is
import urllib2 url = 'https://expired.badssl.com/' request = urllib2.Request(url) result = urllib2.urlopen(request) print (result.read())
Why am I not getting an SSL certificate error in urllib2?
UPDATE
I determined that the page being loaded was my web authentication page.
But when i use requests
i get SSL exception. why is urllib2 behavior different from request behavior?
source to share
Python before 2.7.9 did not validate certificates.
Python 2.7.9 includes a number of network security enhancements that have been approved for inclusion in the servicing version of Python 2.7. PEP 476 modifies several standard library modules such as httplib, urllib2, and xmlrpclib, by default verifies certificates presented by servers over secure (TLS) connections.
from 2.7.14 installation notes.
Also see
- PEP 476 - Enable Default Certificate Validation for HTTPS
- PEP 493 - HTTPS Verification Migration Tools for Python 2.7
- Documentation for ssl._https_verify_certificates https://docs.python.org/2.7/library/ssl.html#ssl._https_verify_certificates
source to share