SSL InsecurePlatform error when using Requests package

Question

Im using Python 2 7 3 and Requests  I installed Requests via pip  I believe it s the latest version  I m running on Debian Wheezy   I ve used Requests lots of times in the past and never faced this issue  but it seems that when making https requests with Requests I get an InsecurePlatform exception   The error mentions urllib3  but I don t have that installed  I did install it to check if it resolved the error  but it didn t    usr local lib python2 7 dist-packages requests packages urllib3  util ssl  py 79  InsecurePlatformWarning  A true SSLContext object is not available  This prevents urllib3 from configuring SSL appropriately and  may cause certain SSL connections to fail  For more information  see  https   urllib3 readthedocs org en latest    security html insecureplatformwarning    Any ideas as to why I m getting this  I ve checked the docs  as specified in the error message  but the docs are saying to import urllib3 and either disable the warning  or provide a certificate

User · Answer

Requests 2 6 introduced this warning for users of python prior to 2 7 9 with only stock SSL modules available   Assuming you can t upgrade to a newer version of python  this will install more up-to-date python SSL libraries   pip install --upgrade ndg-httpsclient    HOWEVER  this may fail on some systems without the build-dependencies for pyOpenSSL  On debian systems  running this before the pip command above should be enough for pyOpenSSL to build   apt-get install python-dev libffi-dev libssl-dev

User · Answer

If you are not able to upgrade your Python version to 2 7 9  and want to suppress warnings    you can downgrade your  requests  version to 2 5 3   sudo pip install requests  2 5 3   About version  http   fossies org diffs requests 2 5 3 vs 2 6 0 requests packages urllib3 util ssl  py-diff html

User · Answer

Use the somewhat hidden security feature   pip install requests security  or pip install pyOpenSSL ndg-httpsclient pyasn1   Both commands install following extra packages    pyOpenSSL cryptography idna   Please note that this is not required for python-2 7 9    If pip install fails with errors  check whether you have required development packages for libffi  libssl and python installed in your system using distribution s package manager    Debian Ubuntu - python-dev libffi-dev libssl-dev packages  Fedora - openssl-devel python-devel libffi-devel packages    Distro list above is incomplete   Workaround  see the original answer by  TomDotTom    In case you cannot install some of the required development packages  there s also an option to disable that warning   import requests packages urllib3 requests packages urllib3 disable warnings     If your pip itself is affected by InsecurePlatformWarning and cannot install anything from PyPI  it can be fixed with this step-by-step guide to deploy extra python packages manually

User · Answer

I had to go to bash  from ZSH  first  Then  sudo -H pip install  requests security   --upgrade   fixed the problem

User · Answer

I don t use this in production  just some test runners  And to reiterate the urllib3 documentation      If you know what you are doing and would like to disable this and   other warnings   import requests packages urllib3 requests packages urllib3 disable warnings     Edit   Update   The following should also work   import logging import requests    turn down requests log verbosity logging getLogger  requests   setLevel logging CRITICAL

User · Answer

if you just want to stopping insecure warning like       usr lib python3 dist-packages urllib3 connectionpool py 794    InsecureRequestWarning  Unverified HTTPS request is being made  Adding   certificate verification is strongly advised  See    https   urllib3 readthedocs org en latest security html   InsecureRequestWarning    do   requests METHOD  https   www google com   verify False       verify False   is the key  followings are not good at it      requests packages urllib3 disable warnings     or     urllib3 disable warnings     but  you HAVE TO know  that might cause potential security risks

User · Answer

I had same problem with  Mac Pycharm community edition 2019 3  Python interpreter 3 6   Upgrading pip with 20 0 2 worked for me  Pycharm -- gt  Preferences -- gt  Project Interpreter -- gt  click on pip -- gt  specify version 20 0 2 -- gt  Install package

User · Answer

Dont install pyOpenSSL as it shall soon be deprecated  Current best approach is-  import requests requests packages urllib3 disable warnings

User · Answer

I just had a similar issue on a CentOS 5 server where I installed python 2 7 12 in  usr local on top of a much older version of python2 7   Upgrading to CentOS 6 or 7 isn t an option on this server right now   Some of the python 2 7 modules were still existing from the older version of python  but pip was failing to upgrade because the newer cryptography package is not supported by the CentOS 5 packages   Specifically   pip install requests security   was failing because the openssl version on the CentOS 5 was 0 9 8e which is no longer supported by cryptography   1 4 0   To solve the OPs original issue I did   1  pip install  cryptography lt 1 3 5  gt 1 3 0       This installed cryptography 1 3 4 which works with openssl-0 9 8e       cryptograpy 1 3 4 is also sufficient to satisfy the requirement for the     following command   2  pip install  requests security     This command now installs because it doesn t try to install cryptography   1 4 0   Note that on Centos 5 I also needed to   yum install openssl-devel   To allow cryptography to build

User · Answer

This answer is unrelated  but if you  wanted to get rid of warning and get following warning from requests   InsecurePlatformWarning  usr local lib python2 7 dist-packages requests packages urllib3 util ssl  py 79  InsecurePlatformWarning  A true SSLContext object is not available  This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail  For more information  see https   urllib3 readthedocs org en latest security html insecureplatformwarning   You can disable it by adding the following line to your python code   requests packages urllib3 disable warnings

User · Answer

For me no work i need upgrade pip      Debian Ubuntu  install dependencies  sudo apt-get install libpython-dev libssl-dev libffi-dev   upgrade pip and install packages  sudo pip install -U pip sudo pip install -U pyopenssl ndg-httpsclient pyasn1   If you want remove dependencies  sudo apt-get remove --purge libpython-dev libssl-dev libffi-dev sudo apt-get autoremove

User · Answer

All of the solutions given here haven t helped  I m constrained to python 2 6 6   I ve found the answer in a simple switch to pass to pip     sudo pip install --trusted-host pypi python org  lt module name gt    This tells pip that it s OK to grab the module from pypi python org   For me  the issue is my company s proxy behind it s firewall that makes it look like a malicious client to some servers   Hooray security      Update  See  Alex  s answer  for changes in the PyPi domains  and additional --trusted-host options that can be added    I d copy paste here  but his answer  so  1 him

User · Answer

In fact  you can try this   requests post  https   www google com   verify False   you can read the code for requests     C  Python27 Lib site-packages requests sessions py   class Session SessionRedirectMixin           def request self  method  url      params None      data None      headers None      cookies None      files None      auth None      timeout None      allow redirects True      proxies None      hooks None      stream None      verify None      lt              cert None                        param verify   optional  if True  the SSL cert will be verified           A CA BUNDLE path can also be provided

User · Answer

This came up for me on Ubuntu 14 04  with Python 2 7 6  last week after i did a apt-get dist-upgrade that included libssl1 1 amd64 from deb sury org    Since I run certbot-auto renew from a cron job  I also use the --no-self-upgrade to cut down on unscheduled maintenance  This seems to have been the source of the trouble    To fix the error  all I needed to do was become root  with su s --login switch  and let certbot-auto upgrade itself  I e    sudo su --login  usr local bin certbot-auto renew        Upgrading certbot-auto 0 8 1 to 0 18 2    blah blah blah       instead of what normally runs from root s crontab    5 7        usr local bin certbot-auto renew --quiet --no-self-upgrade   After that  letsencrypt renwals ran normally once again

User · Answer

Below is how it s working for me on Python 3 6   import requests import urllib3    Suppress InsecureRequestWarning  Unverified HTTPS urllib3 disable warnings

[python] SSL InsecurePlatform error when using Requests package

Examples related to python

Examples related to ssl

Examples related to python-requests