No certificate validation detected for HTTP request
Expected Behavior
requests.get('https://gmail.com', verify=True)  # Setting the verify flag to True makes the call secure: certificate validation is enabled.
To Reproduce
Setting the verify flag to False will produce this issue.
Anything else?
Disabling certificate validation for an HTTP request leaves the application vulnerable to man-in-the-middle attacks.
When request methods are used, certificates are validated automatically, which is the desired behavior. If certificate validation is explicitly turned off, requests will accept any TLS certificate presented by the server and will ignore hostname mismatches and/or expired certificates, which will make your application vulnerable to man-in-the-middle attacks.
Using TLS can greatly increase security by guaranteeing the identity of the party you are communicating with. This is accomplished by one or both parties presenting trusted certificates during the connection initialization phase of TLS.
Code of Conduct
[X] I agree to follow this project's Code of Conduct