Skip to content

Instantly share code, notes, and snippets.

@ssbarnea

ssbarnea/python-test-ssl.py

Last active May 18, 2021 13:59
Show Gist options
  • Save ssbarnea/8007689 to your computer and use it in GitHub Desktop.
Save ssbarnea/8007689 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
python-test-ssl.py
#!/usr/bin/env python
import os
import sys
import platform
import requests
import requests.utils
import certifi
print "os: ", platform.platform()
print "python ", sys.version
print "requests: ", requests.__version__
print "certifi.where: ", certifi.where()
certs = '/etc/ssl/certs/ca-certificates.crt'
print "=== test 1 ==="
r = requests.get('https://github.com/timeline.json')
print r
print "=== test 2 ==="
os.system('curl https://sbarnea.com')
print "=== test 3 ==="
os.system('curl --cacert %s https://sbarnea.com' % certs)
print "=== test 4 ==="
r = requests.get('https://sbarnea.com')
print r
print "=== test 5 ==="
os.environ['REQUESTS_CA_BUNDLE'] = certs
os.environ['CURL_CA_BUNDLE'] = certs
r = requests.get('https://sbarnea.com')
print r
print "done"
Raw
ubuntu.log
root@smini:/# ./python-test-ssl.py
os: Linux-3.11.0-13-generic-x86_64-with-Ubuntu-13.10-saucy
python 2.7.5+ (default, Sep 19 2013, 13:48:49)
[GCC 4.8.1]
requests: 2.1.0
certifi.where: /usr/local/lib/python2.7/dist-packages/certifi/cacert.pem
=== test 1 ===
<Response [200]>
=== test 2 ===
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
=== test 3 ===
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: http://curl.haxx.se/docs/sslcerts.html
curl performs SSL certificate verification by default, using a "bundle"
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn't adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you'd like to turn off curl's verification of the certificate, use
the -k (or --insecure) option.
=== test 4 ===
Traceback (most recent call last):
File "./python-test-ssl.py", line 29, in <module>
r = requests.get('https://sbarnea.com')
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 55, in get
return request('get', url, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/api.py", line 44, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 382, in request
resp = self.send(prep, **send_kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/sessions.py", line 485, in send
r = adapter.send(request, **kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests/adapters.py", line 379, in send
raise SSLError(e)
requests.exceptions.SSLError: [Errno 1] _ssl.c:509: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment