Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Verifying HTTPS certificates with urllib.request

Tags:

python

python-3.x

https

ssl

urllib

I am trying to open an https URL using the urlopen method in Python 3's urllib.request module. It seems to work fine, but the documentation warns that "[i]f neither cafile nor capath is specified, an HTTPS request will not do any verification of the server’s certificate".

I am guessing I need to specify one of those parameters if I don't want my program to be vulnerable to man-in-the-middle attacks, problems with revoked certificates, and other vulnerabilities.

cafile and capath are supposed to point to a list of certificates. Where am I supposed to get this list from? Is there any simple and cross-platform way to use the same list of certificates that my OS or browser uses?

like image 696
Elias Zamaria Avatar asked Jun 23 '14 20:06

Elias Zamaria

People also ask

What would you use Urllib request for?

request is a Python module for fetching URLs (Uniform Resource Locators). It offers a very simple interface, in the form of the urlopen function. This is capable of fetching URLs using a variety of different protocols.

What does Urllib request Urlretrieve do?

What does Urllib request Urlretrieve do? In line 14, the urllib. request. urlretrieve() function is used to retrieve the image from the given url and store it to the required file directory.

What is the difference between Urllib request and requests?

Requests - Requests' is a simple, easy-to-use HTTP library written in Python. 1) Python Requests encodes the parameters automatically so you just pass them as simple arguments, unlike in the case of urllib, where you need to use the method urllib. encode() to encode the parameters before passing them.

Is Urllib faster than requests?

I found that time took to send the data from the client to the server took same time for both modules (urllib, requests) but the time it took to return data from the server to the client is more then twice faster in urllib compare to request. I'm working on localhost.

2 Answers

Works in python 2.7 and above

context = ssl.create_default_context(cafile=certifi.where())
req = urllib2.urlopen(urllib2.Request(url, body, headers), context=context)
like image 111
tzatalin Avatar answered Oct 05 '22 23:10

tzatalin

I found a library that does what I'm trying to do: Certifi. It can be installed by running pip install certifi from the command line.

Making requests and verifying them is now easy:

import certifi
import urllib.request

urllib.request.urlopen("https://example.com/", cafile=certifi.where())

As I expected, this returns a HTTPResponse object for a site with a valid certificate and raises a ssl.CertificateError exception for a site with an invalid certificate.

like image 40
Elias Zamaria Avatar answered Oct 05 '22 22:10

Elias Zamaria
Sign in to Comment

Related questions

How do I sum tuples in a list where the first value is the same?
Does Python has a similar library like quantmod in R that can download financial statement data? [closed]
Is there a way to encrypt the MySQL password stored in Django?
Emacs Org Mode: Executing simple python code
Python: Nest more than two types of quotes [duplicate]
matplotlib - change marker color along plot line
How to use the NOAA API to query past weather data for a given set of coordinates
Combine Pandas DataFrame DateTime Columns
Post tweet with tweepy
numpy element-wise multiplication of an array and a vector
Matplotlib scatter marker size
How to determine pid of process started via os.system
Python lambda expression
Display a .png image from python on mint-15 linux
How to find visible bluetooth devices in Python? [duplicate]
Determine if Shapely point is within a LineString/MultiLineString
Unable to set file content type in S3
Python ElementTree "no element found" exception
pip raises stdio.h not found error on Mac OS X Mavericks (10.9)
What is wrong with this extremely simple numpy script? [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!