How to fix SSL: CERTIFICATE_VERIFY_FAILED?

[nazandr]

{'feed': {}, 'entries': [], 'bozo': 1, 'bozo_exception': URLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)'),)}
It works some day ago, but now doesn't.

feedparser.parse('https://habrahabr.ru/rss/feed/posts/5d0c9b4397559e2e7cb380b29ec8151b/')

[davidag]

This is due to Python starting to apply certificate verification by default for stdlib http clients.

A great explanation of the rationale of the change can be found in this Redhat article, along with information regarding how to control and troubleshoot this new situation.

Both previous references explain how to avoid certificate verification in single connections:

• PEP-476 - Opting out

import ssl

# This restores the same behavior as before.
context = ssl._create_unverified_context()
urllib.urlopen("https://no-valid-cert", context=context)

• RedHat - Modifying Python programs to control certificate verification

Currently, feedparser users can only avoid certificate verification by monkeypatching (see previous links and this stackoverflow question), which is highly discouraged as it affects the whole application.

It seems that this issue could be fixed if feedparser.parse() had support for enabling/disabling this certificate validation in any way.

As a sidenote, Firefox is not so restrictive with feeds from sites with invalid certificates and you can access them without a warning, even if visiting the main site will rise a big warning screen.

[kurtmckee]

feedparser will eventually lose its internal HTTP code, likely in favor of using requests.

I recommend that developers begin using standard HTTP clients like the requests module to address intricacies like SSL verification.