Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Python requests "certificate verify failed"

I'm maintaining a Python mini-app that uses requests + HTTPS.

The app worked until the IP address of the hostname in the HTTPS URL changed (legitimately). If I point my browser to the URL I can retrieve it fine.

Where does Python/requests keep the analog of ssh's known_hosts and how do I clear it for this host?

$ python --version
Python 2.7.3

$ cat foo.py 
import requests
url = "https://somehost/resource.json"
requests.get(url, timeout=5, config={'danger_mode': True})

$ source venv/bin/activate
$ python foo.py 
Traceback (most recent call last):
  File "foo.py", line 3, in <module>
    requests.get(url, timeout=5, config={'danger_mode': True})
  File "/home/dfukdev/corsair-scripts/alfred/venv/local/lib/python2.7/site-packages/requests/api.py", line 65, in get
return request('get', url, **kwargs)
  File "/home/dfukdev/corsair-scripts/alfred/venv/local/lib/python2.7/site-packages/requests/safe_mode.py", line 39, in wrapped
return function(method, url, **kwargs)
  File "/home/dfukdev/corsair-scripts/alfred/venv/local/lib/python2.7/site-packages/requests/api.py", line 51, in request
return session.request(method=method, url=url, **kwargs)
  File "/home/dfukdev/corsair-scripts/alfred/venv/local/lib/python2.7/site-packages/requests/sessions.py", line 241, in request
r.send(prefetch=prefetch)
  File "/home/dfukdev/corsair-scripts/alfred/venv/local/lib/python2.7/site-packages/requests/models.py", line 641, in send
raise SSLError(e)
requests.exceptions.SSLError: [Errno 1] _ssl.c:504: error:14090086:SSL     routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
like image 276
Garrett Smith Avatar asked Sep 25 '13 08:09

Garrett Smith


People also ask

How do I verify a certificate in Python?

Certification holders may now have others easily verify their certification status by using a unique certificate verification code. The code can be found in the top right-hand corner on all digital certificates issued by the Python Institute.

What does certificate verify failed mean?

Summary. The Ruby OpenSSL error certificate verify failed means your code can't verify that the SSL certificate of the website or API you're connecting to is the real one. It's important to solve this issue correctly to keep your communication secure.

How do I bypass SSL verification in Python?

Method 1: Passing verify=False to request methodAlong with the URL also pass the verify=False parameter to the method in order to disable the security checks.


2 Answers

You're using an ancient version of requests. You'll get a more helpful message if you upgrade to 2.0 and if your site has a certificate mismatch you may be able to fix it by specifying the system certificates which will be able to verify an intermediate certificate. You can also just have requests not verify your certificate as Andre suggested.

like image 102
Ian Stapleton Cordasco Avatar answered Sep 20 '22 13:09

Ian Stapleton Cordasco


It turned out that during the server upgrade mentioned in the question an incorrectly-signed certificate was installed. HTTPS in the browser worked because of the root certificate differences between the Windows browser machine and Ubuntu Python client. HTTPS via a browser from the same Ubuntu machine on which Python was run revealed the certificate problem details.

The IP change had little to do with the problem except to confuse things.

Promoting my comment to an answer as:

  1. this answered my question
  2. this question is getting enough traffic I'd like to share the knowledge.
like image 38
Garrett Smith Avatar answered Sep 23 '22 13:09

Garrett Smith