frank9524 / securitytxt

Security-TXT is a python package for retrieving, parsing and manipulating security.txt files.
Apache License 2.0

Certificate issues are hidden away #1

Open stefan6419846 opened 2 years ago

stefan6419846 commented 2 years ago

I am currently trying to use this library for checking and parsing my security.txt file with the URL-based example from the README.

While there are no issues with regular certificates, local testing with a self-signed one just raises a FileNotFoundError without further explanation (my local server setup is configured as HTTPS-only):

from security import SecurityTXT

result = SecurityTXT.from_url('https://local-device/')

The reason is that the requests library does not support self-signed certificates by default.

Is there any chance of increasing the verbosity, for example by some logging? The culprit seems to be securitytxt.parsers.url_parser.URLParser._parse_file_url, where the following message might be useful for debugging:

HTTPSConnectionPool(host='local-device', port=443): Max retries exceeded with url: /.well-known/security.txt (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:852)'),))

frank9524 commented 2 years ago

Thank you for using this package!

I looked into the issue and it is indeed better to show a more elaborate error message if no security.txt is found at the URL. I've opened a new branch that is supposed to solve this issue. In addition, this version allows passing custom certificates to the from_url call.

Does this solve your issue?

stefan6419846 commented 2 years ago

Thanks for the proposed fix.

I took a quick glance at the branch and it seems like the changes should be sufficient (basically exposing the corresponding verify parameter of requests.get in the public API), although at least one corresponding test seems to be missing if I am correct.
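As an added example (not the securitytxt package's own code, and not code posted by either commenter), the following stdlib-only fetcher shows both points raised in the thread: exposing a requests-style `verify` parameter so that a self-signed certificate can be trusted through its own CA bundle, and surfacing the underlying TLS error instead of collapsing it into a bare FileNotFoundError. The function names, the `SecurityTxtFetchError` class and the `opener` injection hook are assumptions made here; urllib is used in place of requests so that the snippet runs without extra dependencies.

```python
"""
Fetch /.well-known/security.txt over HTTPS with a configurable trust store,
surfacing certificate errors instead of hiding them.

Added example, not the securitytxt package's own code. `verify` mirrors the
requests.get(verify=...) parameter: True (system CA store), False (no
verification, for throwaway local testing only) or the path to a PEM CA
bundle, e.g. the self-signed certificate of the local device under test.
"""
import logging
import ssl
import urllib.error
import urllib.request
from typing import Callable, Optional, Union
from urllib.parse import urljoin

log = logging.getLogger("securitytxt.fetch")

WELL_KNOWN = "/.well-known/security.txt"


class SecurityTxtFetchError(Exception):
    """Raised when security.txt cannot be retrieved; carries the real cause."""


def build_ssl_context(verify: Union[bool, str]) -> ssl.SSLContext:
    """Build an SSLContext from a requests-style `verify` value.

    True  -> default context with the system trust store (CERT_REQUIRED)
    False -> hostname check and certificate verification disabled (insecure)
    str   -> path to a PEM CA bundle that should be trusted in addition to
             nothing else, e.g. an exported self-signed device certificate
    """
    if verify is False:
        ctx = ssl.create_default_context()
        ctx.check_hostname = False  # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    cafile = verify if isinstance(verify, str) else None
    return ssl.create_default_context(cafile=cafile)


def fetch_security_txt(
    base_url: str,
    verify: Union[bool, str] = True,
    opener: Optional[Callable[..., object]] = None,
    timeout: float = 10.0,
) -> str:
    """Return the body of <base_url>/.well-known/security.txt as text.

    `opener` is an injection point for offline tests (assumption of this
    example); it is called like urllib.request.urlopen(url, context=...,
    timeout=...) and defaults to exactly that.
    """
    url = urljoin(base_url, WELL_KNOWN)
    ctx = build_ssl_context(verify)
    open_fn = opener or urllib.request.urlopen
    try:
        with open_fn(url, context=ctx, timeout=timeout) as resp:
            return resp.read().decode("utf-8")
    except urllib.error.HTTPError as exc:
        # A 404 really means "no security.txt"; keep the status in the message.
        raise SecurityTxtFetchError(f"{url}: HTTP {exc.code} {exc.reason}") from exc
    except urllib.error.URLError as exc:
        # TLS failures arrive here with the SSLError as `reason`. Log it and
        # re-raise with that reason preserved, so a self-signed certificate
        # is diagnosable instead of looking like a missing file.
        reason = exc.reason
        hint = ""
        if isinstance(reason, ssl.SSLCertVerificationError) or \
                "CERTIFICATE_VERIFY_FAILED" in str(reason):
            hint = " (self-signed or untrusted certificate? pass verify=<path to CA bundle>)"
        log.error("failed to fetch %s: %s", url, reason)
        raise SecurityTxtFetchError(f"{url}: {reason}{hint}") from exc
```

For the local-device case from the first comment, export the server's self-signed certificate to PEM and call `fetch_security_txt("https://local-device/", verify="/path/to/local-device.pem")`; the exception text then names the URL and the TLS reason, which is the information the original FileNotFoundError hid. `verify=False` disables both hostname and chain checks and belongs in throwaway testing only.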