search

SeleniumHQ / selenium

A browser automation framework and ecosystem.
https://selenium.dev
Apache License 2.0
30.5k stars 8.15k forks source link

InsecureRequestWarning even when SSL is valid #6869

Closed BeyondEvil closed 3 years ago

BeyondEvil commented 5 years ago

🐛 Bug Report

InsecureRequestWarning is issued even when the Remote end has valid SSL.

To Reproduce

Run a test against a Remote endpoint that has valid SSL.

Expected behavior

Test runs without any warnings.

Test script or set of commands reproducing this issue

Test script here

Environment

OS: OSX 10.12.6 (also happens on core OS so it's unlikely a OS issue) Browser: Firefox (also happens with IE, again, unlikely this is a browser issue) Browser version: 64 Browser Driver version: GeckoDriver 0.23 Language Bindings version: 3.141.0 Selenium Grid version (if applicable): 3.14.0

I ran the script in a virtual env and the warning is repeated for every wire-call.

/Users/jimbrannlund/.local/share/virtualenvs/dpo-automation-NuB7OARD/lib/python3.7/site-packages/urllib3/connectionpool.py:847: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)

Virtual env contents and python version:

(dpo-automation) bash-3.2$ pip freeze
selenium==3.141.0
urllib3==1.24.1
(dpo-automation) bash-3.2$ python --version
Python 3.7.0

SSL report

barancev commented 5 years ago

This should be fixed by urllib3 version 1.25 (not released yet)

isaulv commented 4 years ago

@BeyondEvil Can this be closed given the latest release of urllib3?

BeyondEvil commented 4 years ago

@BeyondEvil Can this be closed given the latest release of urllib3?

Unfortunately I'm without the means to test this currently, but if you think the issue is solved feel free to close it. :) @Dude-X

agebhar1 commented 4 years ago

With the latest version of urllib3 (>= 1.25) the certification is now required:

New in version 1.25

HTTPS connections are now verified by default (cert_reqs = 'CERT_REQUIRED').

Instead of a warning a SSL error is raised

(Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))

agebhar1 commented 4 years ago

See also https://github.com/SeleniumHQ/selenium/issues/6534#issuecomment-499961981

AutomatedTester commented 3 years ago

I believe this has now been fixed