I cant seem to get the handshake working properly.
cert = 'path/to/cert_file.pem'
url = 'https://example.com/api'
requests.get(url, cert=cert, verify=True)
This is fine when I use it locally where I have the file physically. We host our application on heroku and use environvariables.
The requests module doesnt seem to accept certificates as strings. eg.
$ export CERTIFICATE="long-list-of-characters"
requests.get(url, cert=get_env('CERTIFICATE'), verify=True)
I have also tried something like this:
cert = tempfile.NamedTemporaryFile()
cert.write(CERTIFICATE)
cert.seek(0)
requests.get(url, cert=cert.name, verify=True)
First of all, it works locally but not on heroku. Anyways, it doesnt feel like a solid solution. I get a SSL handshake error.
Any suggestions?
SSL Certificate Verification – Python requests Last Updated : 05 Mar, 2020 Requests verifies SSL certificates for HTTPS requests, just like a web browser. SSL Certificates are small data files that digitally bind a cryptographic key to an organization’s details.
The requests module allows you to send HTTP requests using Python. The HTTP request returns a Response Object with all the response data (content, encoding, status, etc).
To disable certificate verification, at the client side, one can use verify attribute. Since output response 200 is printed, we can assume that request was successful. one can also pass the link to the certificate for validation via python requests only.
Definition and Usage The requests module allows you to send HTTP requests using Python. The HTTP request returns a Response Object with all the response data (content, encoding, status, etc). Download and Install the Requests Module
Vasili's answer is technically correct, though per se it doesn't answer your question. The keyfile, truly, must be unencrypted to begin with.
I myself have just resolved a situation like yours. You were on the right path; all you had to do was
1. Pass delete=False
to NamedTemporaryFile()
, so the file wouldn't be deleted after calling close()
2. close()
the tempfile before using it, so it would be saved
Note that this is a very unsafe thing to do. delete=False
, as I understand, causes the file to stay on disk even after deleting the reference to it. So, to delete the file, you should manually call os.unlink(tmpfile.name)
.
Doing this with certificates is a huge security risk: you must ensure that the string with the certificate is secured and hidden and nobody has access to the server.
Nevertheless, it is quite a useful practice in case of, for example, managing your app both on a Heroku server as a test environment and in a Docker image built in the cloud, where COPY
directives are not an option. It is also definitely better than storing the file in your git repository :D
This is an old question, but since I ended up here and the question wasn't answered I figure I'll point to the solution I came up with for a similar question that can be used to solve the OP's problem.
This can be done by monkey patching requests
using this technique.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With