Apple Lookup API certificate error when called with Python 3.4 and urllib3.request

0
votes

Should I turn off certificate verification and ignore warnings when calling Apple Search API from Python 3.4 and urllib3.request?

What I tried:

  1. I first found a problem when I made a call using urllib.request from a virtual environment (with Python Tools for Visual Studio 2013) e.g.

    r = urllib.request.urlopen('https://itunes.apple.com/lookup?id=429313263')

    Raises this error:

    urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

  2. Strangely, when I made the same call from my normal Python 3.4 environment (i.e. not in a virtual environment), I received no errors.

  3. However, I want to use a virtual env, so I thought I would try using urllib3.request. When I require certificate verification, it also fails:

    http = urllib3.PoolManager(cert_reqs='CERT_REQUIRED', ca_certs=certifi.where())
r = http.request('GET', 'https://itunes.apple.com/lookup?id=429313263')

    urllib3.exceptions.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)

    Does this simply mean that there is something wrong with the certificate on Apple's server?

  4. I changed the call to not require certification:

    http = urllib3.PoolManager(cert_reqs='CERT_NONE',assert_hostname=False)

    which unsurprisingly gave the warning:

    InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html

  5. I disabled warnings (obviously not normally advisable):

    urllib3.disable_warnings()
1
python-3.xurllib3

1 Answers

1
votes

Which version of urllib3 and certifi are you using?

I just tried what you did on the latest urllib3 (master) and certifi (2015.11.20.1), seems to work for me:

(in a virtualenv) $ python
Python 3.5.1 (default, Dec 27 2015, 02:23:23)
[GCC 4.2.1 Compatible Apple LLVM 6.0 (clang-600.0.57)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import urllib3, certifi
>>> http = urllib3.PoolManager(cert_reqs='CERT_REQUIRED', ca_certs=certifi.where())
>>> r = http.request('GET', 'https://itunes.apple.com/lookup?id=429313263')
>>> r.status
200

Also works with 2.7.11. Unfortunately I don't have a Python 3.4 install available right now. If you manage to track this down to a bug in urllib3 or certifi, please open an issue on the respective project. :)