SSL Certificate Verification
All HTTP methods implemented by the
requests library use SSL encryption by default. This lesson will show you how you can disable it, too.
When sending sensitive data, security is important. SSL Certificate verification is included by default inside of
requests has a package called
certifi that provides Certificate Authorities. This lets
requests know what authorities it can trust.
Let’s test it out. I’m back here in the REPL and I’ve already imported
requests. If we’d like to disable the SSL Certificate verification, we can do that by passing
False into the
verify parameter of a request function.
So that will come back and say that you’re attempting an insecure request. It said
Unverified HTTPS request is being made. Adding certificate
verification is strongly advised. It still was a successful request, but—going back to authentication—without SSL you would be sending via Basic authorization your username and password in plaintext, so it’s important that it gets encrypted using SSL.
Become a Member to join the conversation.