A HTTPS client implementation for
http.client(Python 3) andurllib(Python 3)
... based on PyOpenSSL. PyOpenSSL provides a more fully featured SSL implementation
over the default provided with Python and importantly enables full verification
of the SSL peer using pyasn1.
Note: As of this version, Python 2 and Python < 3.8 are no longer supported.
PyOpenSSL >= 26.0.0 and pyasn1 >= 0.6.3 are now required to address
CVE-2026-27459 and CVE-2026-30922 respectively.
- Clean up handling for description file - pull in content from this file into setup()
- Allows the nightly build to fail
- Add Trove version classifiers to make it explicit what is supported
- Add python_requires to help pip
- Drop support for EOL Python 2.6 and 3.3
Thanks to @hugovk for contributions
- Fix to Subject Alternative Name handling to allow for certificates with more than 64 names (max now 1024). Thanks to Matt Pegler
- Fix to subjectAltName string to use byte type for correct matching
- Updated SSL Context objects to default to TLS 1.2
- Updated test certificates
- Fix to
ndgnamespace package warning issue (#3).
__init__.pyfile now included inndgdirectory so that there are no longer warnings with imports when using Python 2.x. Thanks to Max Mauntner for fix. - Minor fix for installation: set minimum release for
pyasn1to avoid conflicts with Ubuntu install - see #5 and #10.pyasn1also becomes mandatory rather than optional package for install. - It required bycryptographyanyway which is a dependency forpyOpenSSLfrom version 0.14.
- Fix to bug in
ndg.httpsclient.utils.open_url- duplicate open call.
Nb. This bug and the fix DO NOT affect thehttplibandurllib2interfaces that this package provides.
- Added explicit ref to Python 3 in classifier text for Python 3 checking tools.
- Moved LICENSE file into package
- Made dual compatible with Python 2 / 3.
- Fix to add in AnotherName for
subjectAltNamesfield - added for support for CACert issued certs (thanks to Gu1). - Fix to HTTP Basic Auth option for
ndg.httpsclient.utils.main - Fix to
ServerSSLCertVerificationso that it can pass a function-based callback instead of using__call__. In newer versions of OpenSSL (>= 0.14) the latter failed because of a request for__name__attribute.
- Fix to SubjectAltNames support check - should only be enabled if pyasn1 is installed.
- Fix to open_url: HTTP Request object was being created inside if headers is None block - now corrected to create regardless.
- Added http basic auth support to script. (Thanks to Willem van Engen)
- extended utils functions to support keyword for passing additional
urllib2handlers.
- Added
ndg.httpsclient.utils.fetch_stream_from_urlfunction and added parameter for data to post inopen_urlandfetch_*methods. - fix to ndg.httpsclient.utils module _should_use_proxy and open_url functions
- added support for SSL verification with subjectAltNames using pyasn1
- fixed minor bug - SSL cert DN prefix matching
Initial release
Requires Python 3.8 or later, PyOpenSSL >= 26.0.0 and pyasn1 >= 0.6.3.
pyasn1 is required for correct SSL verification with subjectAltNames.
Installation can be performed using easy_install or pip.
A simple script for fetching data using HTTP or HTTPS GET from a specified URL.
Parameter:
url
The URL of the resource to be fetched
Options:
-h, --help
Show help message and exit.
-c FILE, --certificate=FILE
Certificate file - defaults to $HOME/credentials.pem
-k FILE, --private-key=FILE
Private key file - defaults to the certificate file
-t DIR, --ca-certificate-dir=DIR
Trusted CA certificate file directory.
-d, --debug
Print debug information - this may be useful in solving problems with HTTP or
HTTPS access to a server.
-p FILE, --post-data-file=FILE
POST data file
-f FILE, --fetch=FILE
Output file
-n, --no-verify-peer
Skip verification of peer certificate.