Skip to content

Instantly share code, notes, and snippets.

@schlamar
Last active September 23, 2016 20:55
Show Gist options
  • Save schlamar/2993700 to your computer and use it in GitHub Desktop.
Save schlamar/2993700 to your computer and use it in GitHub Desktop.
urllib2 HTTPS connection with proxy and cert verification
import httplib
import urllib2
import ssl
import certifi
from backports.ssl_match_hostname import match_hostname
class CertValidatingHTTPSConnection(httplib.HTTPConnection):
default_port = httplib.HTTPS_PORT
def __init__(self, host, port=None, key_file=None, cert_file=None,
ca_certs=None, strict=None, **kwargs):
httplib.HTTPConnection.__init__(self, host, port, strict, **kwargs)
self.key_file = key_file
self.cert_file = cert_file
self.ca_certs = ca_certs
if self.ca_certs:
self.cert_reqs = ssl.CERT_REQUIRED
else:
self.cert_reqs = ssl.CERT_NONE
def connect(self):
httplib.HTTPConnection.connect(self)
self.sock = ssl.wrap_socket(self.sock, keyfile=self.key_file,
certfile=self.cert_file,
cert_reqs=self.cert_reqs,
ca_certs=self.ca_certs)
if self.cert_reqs & ssl.CERT_REQUIRED:
cert = self.sock.getpeercert()
hostname = self.host.split(':', 0)[0]
match_hostname(cert, hostname)
class VerifiedHTTPSHandler(urllib2.HTTPSHandler):
def __init__(self, **kwargs):
urllib2.HTTPSHandler.__init__(self)
self._connection_args = kwargs
def https_open(self, req):
def http_class_wrapper(host, **kwargs):
full_kwargs = dict(self._connection_args)
full_kwargs.update(kwargs)
return CertValidatingHTTPSConnection(host, **full_kwargs)
return self.do_open(http_class_wrapper, req)
if __name__ == "__main__":
handler = VerifiedHTTPSHandler(ca_certs=certifi.where())
# assuming proxy settings are in environment or set them with:
# urllib2.ProxyHandler({'http_proxy': 'http://', 'https_proxy' = 'http://'})
opener = urllib2.build_opener(handler, urllib2.ProxyHandler())
opener.open('https://google.com').read()
opener.open('https://kennethreitz.com').read()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment