Shammer's Philosophy

My private adversaria

Python SSL client with server certificate verification disabled

Sample code

I wrote something similar in "Remote SSL Server cipher check script with python - 20150130 - Shammerism".
In that article, I used the socket library, but I couldn't completely disable server certificate verification.
httplib, however, can do this, so httplib should be used when trying an HTTPS connection. Here is an SSL client which doesn't perform certificate verification.

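#!/usr/bin/env python
# Python 2 (httplib); the context argument needs Python 2.7.9 or later.
import httplib
import ssl

# _create_unverified_context() returns a context that skips certificate
# chain and hostname checks, so any server certificate is accepted.
connection = httplib.HTTPSConnection('XXX.XXX.XXX.XXX', context=ssl._create_unverified_context())
connection.request('GET','/','')
response = connection.getresponse().read()
print response
connection.close()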

Verification

With server certificate verification
>>> import httplib
>>> connection = httplib.HTTPSConnection('XXX.XXX.XXX.XXX')
>>> connection.request('GET','/','')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 1053, in request
    self._send_request(method, url, body, headers)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 1093, in _send_request
    self.endheaders(body)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 1049, in endheaders
    self._send_output(message_body)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 893, in _send_output
    self.send(msg)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 855, in send
    self.connect()
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 1274, in connect
    server_hostname=server_hostname)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 352, in wrap_socket
    _context=self)
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 579, in __init__
    self.do_handshake()
  File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 808, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:590)
>>> connection.close()
>>> exit()

Depending on the server's SSL implementation, the following error may be shown instead of "certificate verify failed".

ssl.SSLError: [SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:590)

Without server certificate verification
>>> import httplib
>>> import ssl
>>> connection = httplib.HTTPSConnection('XXX.XXX.XXX.XXX', context=ssl._create_unverified_context())
>>> connection.request('GET','/','')
>>> print connection.getresponse().read()

>>> connection.close()
>>>
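
When the server presents a certificate that the default trust store cannot verify, pinning that certificate's SHA-256 fingerprint ties the unverified connection to one known server instead of accepting any certificate. The following is an added example, not code from the original article: it is written for Python 3 (where httplib is named http.client), and the function names and the sample bytes are assumptions made up for illustration.

```python
import hashlib
import hmac
import http.client  # Python 3 name of the httplib module used in the article
import ssl


def sha256_fingerprint(der_cert):
    """Return the SHA-256 fingerprint of a DER certificate as 'AA:BB:...'."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_matches(der_cert, pinned):
    """Compare a certificate against a pinned fingerprint.

    The pin may be given with or without colons, in either case.
    """
    expected = pinned.replace(":", "").strip().lower()
    actual = hashlib.sha256(der_cert).hexdigest()
    return hmac.compare_digest(actual, expected)


def fetch_pinned(host, pinned, port=443, path="/", timeout=10):
    """GET path from host, but only if its certificate matches the pin."""
    # Chain and hostname checks are off, as in the article's client ...
    context = ssl._create_unverified_context()
    connection = http.client.HTTPSConnection(host, port, context=context,
                                              timeout=timeout)
    try:
        connection.connect()  # TLS handshake happens here, nothing sent yet
        # ... but the raw DER certificate is still available for pinning.
        der_cert = connection.sock.getpeercert(binary_form=True)
        if not der_cert or not fingerprint_matches(der_cert, pinned):
            raise ssl.SSLError("server certificate does not match the pin")
        connection.request("GET", path)
        return connection.getresponse().read()
    finally:
        connection.close()


if __name__ == "__main__":
    # Constructed stand-in bytes, not a real certificate; runs offline.
    sample_der = b"constructed-sample-certificate-bytes"
    pin = sha256_fingerprint(sample_der)
    print(pin)
    print(fingerprint_matches(sample_der, pin))
    print(fingerprint_matches(sample_der + b"x", pin))
```

The pin passed to fetch_pinned has to be obtained over a channel you already trust, for example by computing it on the server itself.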