Fix for #30: options for certificate validation and client certs. #315

Closed

@sciyoshi

Quick fix for issue #30. Note that this doesn't do hostname matching when verifying, although this is an issue in urllib3 - maybe it should use backports.ssl_match_hostname if available.

For example, you can set the global ca_certs and enable cert verification with

    import requests

    requests.defaults.defaults['verify_cert'] = True
    requests.defaults.defaults['ca_certs'] = '/etc/ssl/certs/ca-certificates.crt'

@sciyoshi Fix for #30: options for certificate validation and client certs.
Note that this doesn't do hostname matching when verifying,
although this is an issue in urllib3 - maybe it should use
[`backports.ssl_match_hostname`][1] if available.

[1]: http://pypi.python.org/pypi/backports.ssl_match_hostname/
fa96618
@kennethreitz

Awesome!

Those default dicts shouldn't be touched by any users. There needs to be a better API for this.

@piotr-dobrogost

> Those default dicts shouldn't be touched by any users.

This would be not quite pythonic I guess :)

@kennethreitz

Requests v0.8.8 was just released that includes ssl verification!

http://docs.python-requests.org/en/latest/user/advanced/#ssl-cert-verification
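
The PR description notes that this change verifies the certificate chain but does no hostname matching, which means a certificate that chains to a trusted CA is accepted for any host. The check that is missing, as an added example (not code from this PR, urllib3 or backports.ssl_match_hostname); the function names and the sample certificates are assumptions, constructed in the dict shape that Python's `ssl` `getpeercert()` returns, and the hostname is assumed to be a DNS name, not an IP address:

```python
# Added example: hostname matching that chain verification alone does not do.

def _name_matches(pattern, hostname):
    """Compare one certificate DNS name with the requested hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # '*' must be the whole leftmost label, with at least two fixed
        # labels after it, so '*.com' is rejected.
        return (len(p_labels) >= 3 and bool(h_labels[0])
                and p_labels[1:] == h_labels[1:])
    if "*" in pattern:
        return False  # partial or non-leftmost wildcards are refused
    return p_labels == h_labels


def cert_matches_hostname(cert, hostname):
    """True if the decoded certificate is valid for this hostname."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_names:
        # When DNS subjectAltNames exist, the commonName is ignored.
        return any(_name_matches(n, hostname) for n in dns_names)
    # Legacy fallback: commonName, only when no DNS subjectAltName is present.
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _name_matches(value, hostname):
                return True
    return False


# Constructed sample certificates (not taken from any real server).
SAN_CERT = {
    "subject": ((("commonName", "other.example.org"),),),
    "subjectAltName": (("DNS", "example.org"), ("DNS", "*.api.example.org")),
}
CN_ONLY_CERT = {"subject": ((("commonName", "legacy.example.org"),),)}

if __name__ == "__main__":
    for host in ("example.org", "v1.api.example.org", "example.com"):
        print(host, cert_matches_hostname(SAN_CERT, host))
```

With `verify_cert` alone, all three hosts in the loop would be accepted as long as the chain validates; the hostname check is what rejects `example.com`.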

Commits on Dec 21, 2011
  1. @sciyoshi

    Fix for #30: options for certificate validation and client certs.

    sciyoshi authored
Showing with 26 additions and 1 deletion.
  1. +12 −0 requests/defaults.py
  2. +14 −1 requests/models.py
12 requests/defaults.py
@@ -19,6 +19,14 @@
:pool_maxsize: The maximium size of an HTTP connection pool.
:pool_connections: The number of active HTTP connection pools to use.
+HTTPS configuration options:
+
+:verify_cert: Whether to verify server SSL certificates (default: ``False``)
+:ca_certs: A path to a concatenated certificate authority file. Required if
+ ``verify_cert`` is True.
+:client_cert_file: Optional client-side certificate file.
+:client_key_file: Optional client-side private key file.
+
"""
from . import __version__
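Review bot: The `:verify_cert:` entry in the new docstring should state that verification covers the certificate chain only and does not match the hostname, since the PR description admits that limitation and a reader of the docs alone would assume `verify_cert = True` authenticates the server. The `:ca_certs:` entry says the path is required when `verify_cert` is True but does not say what happens if it is left unset; name the failure, or point to the check that enforces it.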
@@ -40,3 +48,7 @@
defaults['max_retries'] = 0
defaults['safe_mode'] = False
defaults['keep_alive'] = True
+defaults['verify_cert'] = False
+defaults['ca_certs'] = None
+defaults['client_cert_file'] = None
+defaults['client_key_file'] = None
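Review bot: `defaults['verify_cert'] = False` keeps certificate checking opt-in, so every HTTPS request made without changing the defaults still accepts any server certificate. If the default has to stay off for compatibility, or because `defaults['ca_certs'] = None` gives nothing to verify against, say so in a comment next to these lines so the choice is visible to whoever revisits it.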
15 requests/models.py
@@ -420,6 +420,15 @@ def send(self, anyway=False, prefetch=False):
else:
conn = connectionpool.connection_from_url(url)
+ # Set any SSL-related options on the connection
+ if conn.scheme == 'https':
+ if self.config.get('verify_cert'):
+ conn.cert_reqs = 'CERT_REQUIRED'
+ conn.ca_certs = self.config.get('ca_certs')
+
+ conn.cert_file = self.config.get('client_cert_file')
+ conn.key_file = self.config.get('client_key_file')
+
if not self.sent or anyway:
if self.cookies:
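Review bot: Missing check in the `verify_cert` branch: `conn.ca_certs = self.config.get('ca_certs')` assigns None when `ca_certs` is unset, although the docstring marks it as required whenever `verify_cert` is True. Raise a clear configuration error at that point instead of handing None to the connection. Also, `conn.cert_reqs` is only ever set to 'CERT_REQUIRED' and never reset, so if `conn` is shared between requests, a later request with `verify_cert` off would inherit the earlier setting; assigning the value explicitly in both cases would remove the ambiguity.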
@@ -461,7 +470,11 @@ def send(self, anyway=False, prefetch=False):
else:
r = None
- except (_SSLError, _HTTPError), e:
+ except _SSLError, e:
+ if not self.config.get('safe_mode', False):
+ raise ConnectionError(e)
+
+ except (_HTTPError), e:
if not self.config.get('safe_mode', False):
raise Timeout('Request timed out.')
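Review bot: With `safe_mode` on, the new `except _SSLError, e:` branch does nothing with `e`, so in the lines shown a certificate verification failure is silently dropped and looks like any other failed request. Consider recording the error where the caller can see it, or raising for SSL errors regardless of `safe_mode`. Splitting the handlers is the right direction, since SSL failures no longer surface as `Timeout('Request timed out.')`. Minor style point: the parentheses in `except (_HTTPError), e:` are redundant.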