Python httplib disble certificate validation

Question

I have the following code to use:

def createCon(host,auth):
    con = httplib.HTTPSConnection(host)
    return con
def _readJson(con,url):
    con.putrequest("GET",url)
    ...
    r = con.getresponse()

It is working on a specific server, but on another I'm getting SSLError. If I open the url from browser, I need to accept the certificate and it is working well. But how can I either accept the certificate or disable it's validation? This is a self-signed certificate stored in a java keystore, so I would prefer to disable the verification... The code is meant to reuse the connection between the requests, so I would prefer not to modify it deeply.

How could I do this? I tried to modify the examples but haven't beend succeded.

con.putrequest("GET",url, verify=False)
or
con.request.verify=False

I do not know how could I access the session or request objects or modify the default settings.

UPDATE this does not help:

socket.ssl.cert_reqs='CERT_NONE'

well, the actual error message is weird...:

SSLError:'[Errno 1] _ssl.c:492: error:100AE081:elliptic curve routines:EC_GROUP_new_by_curve_name:unknown group'

Regards: Bence

Answer 1

Your error message points to a bug in the openssl version you use. See https://bugzilla.redhat.com/show_bug.cgi?id=1022468. In short: the client advertises capabilities it does not have and if the server picks such capability you get this error message. Needs to be fixed by upgrading your local openssl installation. A workaround on the server side should be possible too, if you have control over the server.