Solutions for Python SSL Certificate Verification Failure


When using Python for data collection, we often encounter error messages like the one below:

URLError: <urlopen error[SSL:CERTIFICATE_VERIFY_FAILED]>

Cause Analysis:

The first reason is a self-signed certificate: an internal server or development environment may use a self-signed SSL certificate. Because such a certificate is not signed by a public Certificate Authority (CA), Python's default SSL context considers it unsafe and refuses the connection.

The second reason is that, in a testing environment, the server may not use a proper SSL certificate, or its certificate may have expired. In either case the connection is also refused.

Solution:

Is there a simple way to resolve the above error message? You can add the following two lines of code so that Python's HTTPS requests no longer verify the SSL certificate.

import ssl
# Replace the default HTTPS context factory with one that skips certificate verification
ssl._create_default_https_context = ssl._create_unverified_context

However, it must be noted that while this resolves the error, it also introduces potential risks. By bypassing certificate verification, you cannot guarantee that the server you are communicating with is the one you intend to connect to. This allows an attacker to potentially impersonate the target server, intercepting and altering your data, which is known as a man-in-the-middle attack.

A man-in-the-middle attack is akin to writing letters between you and a friend. The letter should go directly from you to your friend, but a malicious person intercepts it along the way. They read the content of the letter and may even modify it according to their own intentions before passing the altered letter to your friend. Your friend thinks they received your original letter, but it has actually been tampered with by the malicious person.

In the online world, the principle is similar. For example, when you shop online, you need to transmit some information between you and the shopping website, such as your account password and product information. Normally, this information should be transmitted directly between you and the shopping website.

However, if a hacker launches a man-in-the-middle attack, they will find a way to insert themselves between you and the shopping website. As a result, the information you send to the shopping website first goes to the hacker, who can view or even alter the information before sending the modified information to the shopping website.

The information the shopping website sends back to you also goes through the hacker, who can view or modify it before delivering it to you. Both you and the shopping website are unaware that a hacker is meddling in the communication, which could lead to personal information leakage or receiving products that are not what you originally intended to buy.
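To avoid that exposure while still reaching a server with a self-signed or internal certificate, verification can stay on and the certificate can be trusted explicitly. The following is an added example, not code from the original post; the function names, the `ca_file` parameter, and the host and file in the final comment are assumptions for illustration.

```python
import ssl
import urllib.request


def build_context(ca_file=None):
    """Return a verifying TLS context.

    ca_file: path to a PEM file holding the self-signed certificate or the
    internal CA (hypothetical path, supplied by the caller). When given, only
    that file is trusted; when None, the system CA store is used.
    """
    return ssl.create_default_context(cafile=ca_file)


def unverified_context():
    """The context the two-line workaround installs (for comparison only)."""
    return ssl._create_unverified_context()


def describe(ctx):
    """Summarise the two settings that decide whether the peer is authenticated."""
    return {"verify_mode": ctx.verify_mode.name,
            "check_hostname": ctx.check_hostname}


def global_override_active():
    """True if some module has swapped urllib's default HTTPS context factory
    for the unverified one, which affects every urlopen() call in the process."""
    return ssl._create_default_https_context is ssl._create_unverified_context


def fetch(url, ca_file=None, timeout=10):
    """Fetch one URL with verification on; trust is scoped to this call."""
    ctx = build_context(ca_file)
    with urllib.request.urlopen(url, context=ctx, timeout=timeout) as resp:
        return resp.read()


if __name__ == "__main__":
    print("verified  :", describe(build_context()))
    print("unverified:", describe(unverified_context()))
    print("global override active:", global_override_active())
    # Example call (hypothetical host and file):
    # fetch("https://intranet.example/data", ca_file="internal-ca.pem")
```

An expired certificate still fails with this approach; the fix for that case is to renew the certificate on the server.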

That’s all for today’s sharing. Thank you very much for your attention and likes for the “Python SQL Review” public account. If you feel that my public account can bring you some benefits, please share it with your friends so that more people can see and understand it. Perhaps your casual likes and shares will provide others with a unique experience and insight.
