Download from URL with expired SSL certificate

Question

Download from URL with expired SSL certificate

Closed this issue 2 years ago · 4 comments

Thanks a lot for providing this really helpful tool!

I am trying to download a file from an URL that has an expired SSL certificate. I know that the URL is safe to use so I want to try to circumvent the error. Any suggestion on how to do that with pooch?

The error that I get is the following, which is caused by urllib3 / ssl:

ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate has expired

Answer 1 · 2023-03-28T13:37:25.000Z

Hey @tomasstolker! pooch is using the requests library under the hood which allows you to disable SSL checking. The way to pass such an option to pooch would be to manually instantiate the HTTPDownloader and give it the correct additional options:

import pooch

downloader = pooch.HTTPDownloader(verify=False)
filename = pooch.retrieve(URL, known_hash=HASH, downloader=downloader)

Note that I tested the above snippet, but only with a server that also has a certificate.

Answer 2 · 2023-03-28T13:53:32.000Z

Thanks a lot for your quick reply @dokempf! That works perfectly!

Answer 3 · 2023-03-28T18:54:34.000Z

Thanks @tomasstolker for opening this issue, and thanks @dokempf for the reply!

I think this issue has been resolves, so I'm closing it.

I still want to mention (specially for future readers) that disabling SSL verification is not a secure practice and it could potentially lead to getting malware in our systems.

🚨🚨🚨
So, BE EXTREMELY CAUTIOUS when using verify=False, and I highly discourage distributing code with that option.
🚨🚨🚨

Answer 4 · 2023-03-29T08:10:47.000Z

Just wanted to second everything that @santisoler said 😬