Last modified: Nov 12, 2024 By Alexander Williams

Python Requests SSL Verification: A Complete Guide

When making HTTPS requests using Python's Requests library, SSL verification is crucial for secure communication. In this guide, we'll explore how to properly handle SSL verification and common challenges.

Understanding SSL Verification

SSL verification ensures that your connection to a website is secure and encrypted. The verify parameter in Python Requests controls this behavior.

Basic SSL Verification


import requests

# Default behavior - SSL verification enabled
response = requests.get('https://api.github.com')

# Explicitly enable SSL verification
response = requests.get('https://api.github.com', verify=True)

Handling SSL Verification Errors

Sometimes you might encounter SSL certificate verification failures. Here's how to handle them safely:


import requests
from requests.exceptions import SSLError

try:
    response = requests.get('https://expired.badssl.com')
except SSLError as e:
    print(f"SSL Error: {e}")


SSL Error: SSL: CERTIFICATE_VERIFY_FAILED

Custom Certificate Authority

For internal servers or custom certificates, you can specify your own CA certificate:


response = requests.get('https://internal-server.com', verify='/path/to/certfile')

Disabling SSL Verification (Not Recommended)

Warning: Disabling SSL verification makes your connections vulnerable to man-in-the-middle attacks. Only use this for testing purposes.


import requests
import urllib3

# Suppress only the single warning from urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)

response = requests.get('https://api.github.com', verify=False)

Using SSL Certificates with Sessions

When making multiple requests, use sessions to maintain consistent SSL settings:


session = requests.Session()
session.verify = '/path/to/certfile'
response = session.get('https://api.example.com')

Client Certificates

Some APIs require client certificates for authentication. Here's how to use them:


requests.get('https://api.example.com', 
             cert=('/path/to/client.cert', '/path/to/client.key'))

Best Practices

1. Always keep SSL verification enabled in production environments

2. Use updated CA certificates from trusted sources

3. Properly handle SSL exceptions in your code

4. Regularly update your requests library for security patches

Conclusion

Proper SSL verification is essential for secure HTTP communications. While debugging, you might need to modify SSL settings, but always ensure proper verification in production environments.

For more advanced usage, check out our guides on asynchronous requests and authentication.