Python - Suppress Insecure Requests Warnings

When you make an HTTP request using the requests module, it checks the SSL certificate of the target server. If the SSL certificate is not signed by a trusted authority or if the certificate is self-signed, python will show a traceback error.

Running a request like this when "url" has a non trusted certificate...

response = requests.get(url, headers=headers)

... would return the error...

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 600, in urlopen
    chunked=chunked)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 343, in _make_request
    self._validate_conn(conn)
  File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 841, in _validate_conn
    conn.connect()
  File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 358, in connect
    ssl_context=context)
  File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 347, in ssl_wrap_socket
    return context.wrap_socket(sock, server_hostname=server_hostname)
  File "/usr/lib/python3.7/ssl.py", line 412, in wrap_socket
    session=session
  File "/usr/lib/python3.7/ssl.py", line 886, in _create
    self.do_handshake()
  File "/usr/lib/python3.7/ssl.py", line 1150, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate (_ssl.c:1056)

We can avoid that error by disabling certificate verification...

response = requests.get(url, headers=headers, verify=False)

... raising a InsecureRequestWarning. This warning is intended to notify you that the connection is not secure, potentially exposing you to man-in-the-middle attacks...

/usr/lib/python3/dist-packages/urllib3/connectionpool.py:849: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)

💥

Remember that security should be a top priority, and you should only suppress certificate validation and warnings when it's absolutely necessary for your specific use case. Always be cautious when handling insecure connections and make informed decisions to protect your application and its users.

To supress the warning, you can add this to the script so it configures the requests module not to show them:

requests.packages.urllib3.disable_warnings()

In this blog post, we discussed how to suppress insecure requests warnings when using the Python requests module. While disabling these warnings is sometimes necessary during development and testing, it is crucial to re-enable them in production to maintain a secure connection to remote servers.