In this tutorial we will learn how to disable SSL validation using Python Requests library.
SSL validation is of extreme importance due to security reasons and it should be done in real application scenarios. Nonetheless, during the developments, it is very common that we want to send requests against a testing server that might have a self a signed certificate. Thus, it is useful to be able to disable this validation for such use cases.
If you don’t have the requests library installed yet, it can be easily done using pip, just by sending the following command:
pip install requests
This tutorial was tested on Python 3.7.2 with version 2.23.0 of the Requests library.
We will start by importing the requests module.
Then, to do the request, we simply need to call the request method. As first input we will pass a string with the HTTP method (“GET”) and as second input the endpoint to which we want to send the request.
Then we will pass an optional parameter called verify with the value False. This will allow to skip the SSL validation.
Note that, as output, this method returns an object of class Response, which we will store in a variable.
response = requests.request("GET", "https://self-signed.badssl.com/", verify = False)
To finalize, we will print the response from the server, which can be obtained in the text property of the Response object.
The full code can be seen below.
import requests response = requests.request("GET", "https://self-signed.badssl.com/", verify = False) print(response.text)
For comparison, we will also do the same request without skipping the SSL validation (when not specified, the parameter verify is set to True).
import requests response = requests.request("GET", "https://self-signed.badssl.com/") print(response.text)
Testing the code
To test the previous code, we will start by running the example where we keep the SSL validation. I’ll be using IDLE, a Python IDE.
You can check the result in figure 1. As can be seen, an exception is thrown, indicating that the certificate is self signed.
Now we will run the example where we disable the SSL validation. The result can be checked below in figure 2.
As can be seen, we can now perform the request and get the response. Note however that a warning is sent to the shell indicating that “certificate validation is strongly advised“. This helps emphasize that, in real application scenarios, such validation should be performed and thus the approach we are seeing here should only be followed for controlled testing scenarios.