[issue36866] Certificate verification errors in urllib.request become URLError

Christian Heimes report at bugs.python.org
Sat May 11 11:37:14 EDT 2019


Christian Heimes <lists at cheimes.de> added the comment:

Starting with 3.7, all OpenSSL and certificate-related exceptions are derived from SSLError. SSLError is a subclass of OSError. For backwards compatibility, SSLCertVerificationError is both a subclass of SSLError and ValueError.

>>> import ssl
>>> ssl.CertificateError
<class 'ssl.SSLCertVerificationError'>
>>> ssl.CertificateError.__mro__
(<class 'ssl.SSLCertVerificationError'>, <class 'ssl.SSLError'>, <class 'OSError'>, <class 'ValueError'>, <class 'Exception'>, <class 'BaseException'>, <class 'object'>)

The new behavior is more consistent than the previous. Now all SSL handshake errors are wrapped in URLError. In 3.6 and earlier, unsupported TLS version, cipher suite mismatch, and similar were wrapped in URLError. Certificate-related issues like untrusted cert, expired cert, and hostname verification failure were not wrapped in URLError. You had to check error.reason for SSL-related errors anyway.

I'd like to argue that the ssl module in 3.7 handles exceptions more consistently and is an improvement. The URLError behavior change is an unfortunate but reasonable side effect.

Ned, what do you think?

----------

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue36866>
_______________________________________
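
Added example, not part of the tracker comment or of CPython: one way for calling code on 3.7+ to tell certificate verification failures apart from other TLS and network errors by inspecting URLError.reason, while still handling an unwrapped SSL error. The names classify, safe_open and sample_cert_error are hypothetical, and the sample exceptions are constructed so the block runs offline.

```python
import ssl
import urllib.error
import urllib.request


def classify(exc):
    """Map an exception from urlopen() to (category, detail)."""
    if isinstance(exc, urllib.error.HTTPError):
        # HTTPError subclasses URLError, but its .reason is only a status text.
        return "http", str(exc.code)
    # 3.7+: the SSL error is wrapped and sits in URLError.reason.
    # An unwrapped SSL error (ssl module used directly) is classified as-is.
    reason = exc.reason if isinstance(exc, urllib.error.URLError) else exc
    if isinstance(reason, ssl.SSLCertVerificationError):
        # verify_code / verify_message are set by the ssl module on 3.7+.
        code = getattr(reason, "verify_code", None)
        msg = getattr(reason, "verify_message", str(reason))
        return "cert-verification", f"{code}: {msg}"
    if isinstance(reason, ssl.SSLError):
        return "tls-handshake", str(reason)
    if isinstance(reason, OSError):
        return "network", str(reason)
    return "other", str(reason)


def safe_open(url, opener=urllib.request.urlopen):
    """Return (response, None) on success or (None, classification) on failure."""
    try:
        return opener(url), None
    except (urllib.error.URLError, ssl.SSLError) as exc:
        return None, classify(exc)


def sample_cert_error():
    """Constructed sample: an expired-certificate verification error."""
    err = ssl.SSLCertVerificationError(1, "certificate verify failed")
    err.verify_code = 10  # X509_V_ERR_CERT_HAS_EXPIRED
    err.verify_message = "certificate has expired"
    return err


if __name__ == "__main__":
    wrapped = urllib.error.URLError(sample_cert_error())  # shape seen from urlopen on 3.7+
    bare = sample_cert_error()                            # unwrapped shape
    refused = urllib.error.URLError(ConnectionRefusedError(111, "refused"))
    for exc in (wrapped, bare, refused):
        print(type(exc).__name__, "->", classify(exc))
```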

