Python requests lib with SSL version 3

Question

I trying to access a SOAP server with python requests lib and I found this problem

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

Everything is right, using the same url, certificate, and header used in similar application wrote in PHP, which works fine, except by in python I didn't set SSL version, I would like to know what could be wrong in my code

header = {
    'Content-Type': 'application/soap+xml;charset=utf-8',
    'SOAPAction': '"nfeConsultaNF2"',
    'Content-length': len(requisicao)
}    
chave = "43160189823918000144550020000200401010200408"
requisicao = '<?xml version="1.0" encoding="utf-8"?><soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://www.w3.org/2003/05/soap-envelope"><soap12:Header><nfeCabecMsg xmlns="http://www.portalfiscal.inf.br/nfe/wsdl/NfeConsulta2"><cUF>43</cUF><versaoDados>3.10</versaoDados></nfeCabecMsg></soap12:Header><soap12:Body><nfeDadosMsg xmlns="http://www.portalfiscal.inf.br/nfe/wsdl/NfeConsulta2"><consSitNFe xmlns="http://www.portalfiscal.inf.br/nfe" versao="3.10"><tpAmb>1</tpAmb><xServ>CONSULTAR</xServ><chNFe>'+chave+'</chNFe></consSitNFe></nfeDadosMsg></soap12:Body></soap12:Envelope>';

s = requests.session()
s.mount(url.web_url,Ssl3HttpAdapter())

response = s.post(
    "https://nfe.sefazrs.rs.gov.br/ws/NfeConsulta/NfeConsulta2.asmx",
    data=requisicao,
    headers=header,
    cert=("C:\\xampp\htdocs\consultar\cert.pem","C:\\xampp\htdocs\consultar\priv.pem")
)

Ssl3Adapter is defined by this class

class Ssl3HttpAdapter(HTTPAdapter):
""""Transport adapter" that allows us to use SSLv3."""

def init_poolmanager(self, connections, maxsize, block=False):
    self.poolmanager = PoolManager(num_pools=connections,
                                   maxsize=maxsize,
                                   block=block,
                                   ssl_version=ssl.PROTOCOL_SSLv3)

Any advise? ps. I cannot provide my certificate

Answer 1

[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

The certificate can not be verified by python and it can not be verified by others, as you can see in this report from SSLLabs.

PHP, which works fine, ..

Either the certificate or its issuer where explicitly trusted by PHP or you are using an older version of PHP which simply does not verify the certificate by default and thus the verification will not fail.

ssl_version=ssl.PROTOCOL_SSLv3)

This server is actually supporting TLS 1.0 (but not TLS 1.1 or TLS 1.2) as you can see from the report by SSLLabs. Thus there should be no need to restrict the version to SSL 3.0.