[New-bugs-announce] [issue36866] Certificate verification errors in urllib.request become URLError
Matt Martz
report at bugs.python.org
Thu May 9 11:48:32 EDT 2019
New submission from Matt Martz <matt at sivel.net>:
The behavior of how SSL certificate validation is handled was changed in https://bugs.python.org/issue31399
This introduced a new exception, ssl.SSLCertVerificationError, which is raised for any certificate validation error, instead of the previous exception ssl.CertificateError.
The primary difference here comes into play in urllib.request:
https://github.com/python/cpython/blob/da0847048aa7f934573fa449cea8643def056aa5/Lib/urllib/request.py#L1314-L1318
Previously ssl.CertificateError was not derived from OSError, it instead was derived from ValueError.
As such, as of Python3.7, ssl.SSLCertVerificationError is caught by the exception handling referenced above, as it is derived from OSError, and raised as a URLError, causing exception handling issues. You must now introspect e.reason to determine if the exception was caused due to certificate verification or any other URLError, instead of simply catching separate exception types.
----------
assignee: christian.heimes
components: Library (Lib), SSL
messages: 341985
nosy: christian.heimes, sivel, vstinner
priority: normal
severity: normal
status: open
title: Certificate verification errors in urllib.request become URLError
type: behavior
versions: Python 3.7, Python 3.8, Python 3.9
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue36866>
_______________________________________
More information about the New-bugs-announce
mailing list