How do I have python httplib accept untrusted certs?

Question

How do I have python httplib accept untrusted certs? I created a snake oil/self signed cert on my webserver, and my python client fails to connect as I am using a untrusted

Answer 1

From inspecting the Python 2.7.14 source code, you may set an environment variable

PYTHONHTTPSVERIFY=0

and this will cause certificate verification to be disabled by default (this will apply to all requests from your program).

I believe this works from 2.7.12+ - but it does not apply to 3.x.

Ref. PEP 493: Verify HTTPS by default, but allow envvar to override that

Answer 2

Some of my scripts stopped working after updating my computer. Turns out, this was the problem: https://docs.python.org/2/library/httplib.html#httplib.HTTPSConnection

Changed in version 2.7.9: context was added.

This class now performs all the necessary certificate and hostname checks by default. To revert to the previous, unverified, behavior ssl._create_unverified_context() can be passed to the context parameter.

So if your version of Python is >= 2.7.9 (2.7.10 in my case), you'll likely run into this. To fix it, I updated my call:

httplib.HTTPSConnection(hostname, timeout=5, context=ssl._create_unverified_context())

This is likely the simplest change to retain the same behavior.