When sending a request to a specific URL I get an SSL error and I am not sure why. First please see the error message I am presented with:
requests.exceptions.SSLError: HTTPSConnectionPool(host='dicmedia.korean.go.kr', port=443): Max retries exceeded with url: /multimedia/naver/2016/40000/35000/14470_byeon-gyeong.wav (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:997)')))
I already tried:
verify="private/etc/ssl/certs"I am honestly at loss why I receive this error. As the error message itself indicates it seems that the server in question could get my local certificates somehow. The script worked until a week before. I did not update Python before then. Right now I use python 3.10.2 downloaded from the official website.
I don't want to set verify=False as this just skips the verification process and leaves me vulnerable as numerous people already pointed out at different questions. Besides that it really bothers me that I can't resolve the error.
Any help is much appreciated. See the specific request:
import requests
def request(url):
response = requests.get(url, verify="/private/etc/ssl/certs")
print(response)
request("https://dicmedia.korean.go.kr/multimedia/naver/2016/40000/35000/14470_byeon-
gyeong.wav")
The problem was that not all certificates needed were included in Python's cacert.pem file. To tackle this I downloaded the certifi module at first. As this didn't work out as well I suppose as certifi also missed the necessary certificates.
But I suppose not all certificates in the certificate where missing. As answers to similar questions indicated as well mostly what is missing is not the entire chain, but only the intermediate certificates.
After:
1. downloading the necessary certificates (see the lock symbol in your browser; if you're on OSX you need to drag and drop the big images of the certificates to your finder or desktop etc.),
2. converting them to .perm files and bundling them together: cat first_cert.pem second_cert.pem > combined_cert.pem
and
3. providing the specific path of the bundled certificates as indicated in my question: verify="private/etc/ssl/certs (you may of course choose a different file path).
my request got accepted by the server.
I guess my mistake when trying this solution was that I didn't download the entire chain at first, but only the last certificate.
I really hope this helps someone else as a point of reference.
What I am still dying to know though, is why the error popped up in the first place. I didn't change my script at all and use it on a regular basis, but suddenly got presented with said error. Was the reason that the server I tried to reach change its certificates?