Bypass SSL when I'm using SUDS for consume web service

Asked 19/5, 2016 at 15:11 Answered 16/1, 2018 at 23:4

I'm using SUDS for consuming web service. I tried like bellow:

client = Client(wsdl_url)
list_of_methods = [method for method in client.wsdl.services[0].ports[0].methods]
print(list_of_methods)

I got this error:

urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)>

I saw link but it is just solution for python 2.7. How can I bypass SSL with SUDS? Or is there any none python solution (For example add fake certificate in windows OS)? I'm using python 3(So I have to use urllib instead of urllib2).

Epenthesis answered 19/5, 2016 at 15:11 Comment(0)

A suds client uses a subclass of suds.transport.Transport to process requests.

The default transport used is an instance of suds.transport.https.HttpAuthenticated, but you can override this when you instantiate the client by passing a transport keyword argument.

The http and https transports are implemented using urllib.request (or urllib2 for python2) by creating an urlopener. The list of handlers used to create this urlopener is retrieved by calling the u2handlers() method on the transport class. This means that you can create your own transport by subclassing the default and overriding that method to use a HTTPSHander with a specific ssl context, e.g:

from suds.client import Client
from suds.transport.https import HttpAuthenticated
from urllib.request import HTTPSHandler
import ssl

class CustomTransport(HttpAuthenticated):

    def u2handlers(self):

        # use handlers from superclass
        handlers = HttpAuthenticated.u2handlers(self)

        # create custom ssl context, e.g.:
        ctx = ssl.create_default_context(cafile="/path/to/ca-bundle.pem")
        # configure context as needed...
        ctx.check_hostname = False

        # add a https handler using the custom context
        handlers.append(HTTPSHandler(context=ctx))
        return handlers

# instantiate client using this transport
c = Client("https://example.org/service?wsdl", transport=CustomTransport())

Reglet answered 19/5, 2016 at 19:2 Comment(7)

What is value of cafile? How can I set it? – Epenthesis 19/5, 2016 at 19:46

That's just an example of how you may create a context. In this case cafile would be the path to the server's ssl certificate (pem-encoded). You can of course also use ctx = ssl._create_unverified_context() instead like in the answer you linked to skip verification. Or you can save the certificate as pem file so you don't have to disable verification entirely. – Reglet 19/5, 2016 at 20:17

I get an error: Exception: (415, u"Cannot process the message because the content type 'text/xml; charset=utf-8' was not the expected ty pe 'application/soap+xml; charset=utf-8'.") even tho I have headers set to soap – Shrieval 16/3, 2017 at 15:21

@TadejVengust - That seems unrelated to this question, you should probably ask a new question. Make sure to include the complete error message and how/where you set the headers. – Reglet 16/3, 2017 at 15:57

It is related since it adds headers without this customTransport Class but when trasport is set they are not.. Meaning that headers should probably be added somewhere inside the class aswell? – Shrieval 17/3, 2017 at 8:9

@TadejVengust So how are you setting the headers? If you use a custom transport, you should use something like

c = Client("https://example.org/service?wsdl", transport=CustomTransport(headers={'Content-Type': 'application/soap+xml; charset=utf-8'}))

, that is pass the headers to the Transport constructor, not the Client constructor. – Reglet 17/3, 2017 at 11:32

Thanks I didn't know I had to put it in custom transport, I was putting it directly into client. Now I am getting bed requests but at least I am somehow getting to the server. – Shrieval 17/3, 2017 at 11:48

This code worked for me:

from suds.client import Client
import ssl

if hasattr(ssl, '_create_unverified_context'):
    ssl._create_default_https_context = ssl._create_unverified_context
cli = Client('https://your_lik_to?wsdl')

print(cli)

Soukup answered 21/8, 2017 at 14:16 Comment(1)

This solution does answer the question, but I think there should be a warning that using this solution leaves you vulnerable to not knowing if you're connecting to a trusted server or to a server that is mimicking the trusted server. I recommend implementing the custom transport described in the accepted answer -- it's quite a bit more effort, but should give more protection than completely disabling SSL verification – Gayla 29/5, 2020 at 6:4

You can add the code below before instantiate your suds client:

import ssl


try:
    _create_unverified_https_context = ssl._create_unverified_context
except AttributeError:
    pass
else:
    ssl._create_default_https_context = _create_unverified_https_context

See my own website for details: https://lucasmarques.me/bypass-ssl

Kreitman answered 25/9, 2017 at 2:44 Comment(0)

This is what I came up with that seems to work well:

class MyTransport(HttpAuthenticated):

    def u2handlers(self):
        """
        Get a collection of urllib handlers.

        @return: A list of handlers to be installed in the opener.
        @rtype: [Handler,...]

        """
        handlers = []
        context = ssl._create_unverified_context()
        handlers.append(urllib2.HTTPSHandler(context=context))
        return handlers

Cheers!

Sven answered 16/1, 2018 at 23:4 Comment(0)

You can use https://pypi.python.org/pypi/suds_requests to leverage the requests library for the transport. This gives you the ability to disable the ssl verification.

Or try my new soap library, it supports it out of the box: http://docs.python-zeep.org/en/latest/#transport-options

Angeloangelology answered 22/5, 2016 at 20:37 Comment(0)

-1

I use this:

with mock.patch('ssl._create_default_https_context', ssl._create_unverified_context):
    client = Client(url)

See: https://bitbucket.org/jurko/suds/issues/78/allow-bypassing-ssl-certificate#comment-39029255

Almswoman answered 11/8, 2017 at 8:0 Comment(3)

unittest.mock is a library for testing in Python. The question does not specify this being a test use-case. – Concent 3/9, 2019 at 14:36

@GregorEesmaa yes, you are right. But sometimes you need to work around tthings and do ugly hacks. Please tell me better solutions. I am curious. – Almswoman 3/9, 2019 at 14:44

A combination of the top two answers did the trick for me: using a custom Transport instance with ssl._create_unverified_context. While that may be considered a hack, it's definitely not as "ugly", as overriding the transport is supported by the library. – Concent 4/9, 2019 at 9:7

Recommended topics

Hot tags