Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Python Requests with wincertstore

I'm trying to connect to my corporate's internal webpages through the requests package, but since python does not use the windows default trusted certificates the connection is denied. I found out that wincertstore can be used to fetch the windows default certificates. But I'm still not sure how to use that along with the my request. Below is the code I have tried so far.............

import requests, socket, atexit, ssl, wincertstore
from requests.auth import HTTPBasicAuth
certfile = wincertstore.CertFile()
certfile.addstore("CA")
certfile.addstore("ROOT")
atexit.register(certfile.close)
ssl_sock = ssl.wrap_socket(s,ca_certs=certfile.name, 
cert_reqs=ssl.CERT_REQUIRED)
requests.get(url)

I get the following error................... requests.exceptions.SSLError: HTTPSConnectionPool(host='myhost', port=443): Max retries exceeded with url: myurl (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'tls_process_server_certificate', 'certificate verify failed')],)",),))

I am able to use wget on the same url and download the content.

wget --no check certificate --user=my username --password=my password URL

But I am not interested in downloading the content as I only need to scrape a small portion of the webpage content.

Pythin version = 3.6.5

Wincertstore link - Link

Thanks in advance for your help..............

like image 608
adimessi30 Avatar asked May 19 '18 05:05

adimessi30


People also ask

Does Python use Windows Certificate store?

On Windows, Python automatically loads certificates from the Windows certificate store.

What is Wincertstore?

wincertstore provides an interface to access Windows' CA and CRL certificates. It uses ctypes and Windows's sytem cert store API through crypt32. dll.

What certificate store does Python use?

By default, the Python ssl module uses the system CA certificate bundle - /etc/pki/tls/certs/ca-bundle.

What is Python certifi win32?

This package patches certifi at runtime to also include certificates from the windows certificate store. This will allow packages such as requests (and tools based on it, like pip) to verify tls/ssl connections to servers who's ca is trusted by your windows install.


1 Answers

I had a similar issue and fixed it using the python-certifi-win32 package:

pip install python-certifi-win32

now you can just use:

requests.get(url, verify=True)

and the certificate is checked using the Windows Certificate Store.

Edit: This only works if the certificate is installed in the Windows Certificate Store...

like image 93
clfaster Avatar answered Sep 20 '22 15:09

clfaster