{"id":1579,"library":"ndg-httpsclient","title":"ndg-httpsclient: Enhanced HTTPS with PyOpenSSL","description":"ndg-httpsclient provides enhanced HTTPS support for Python's standard library modules `httplib` and `urllib2` (Python 2) or `http.client` and `urllib.request` (Python 3) using PyOpenSSL. It allows for advanced SSL/TLS features like Server Name Indication (SNI) and robust peer certificate verification, extending capabilities beyond the default standard library implementation. The current version is 0.5.1, with a relatively slow release cadence focused on compatibility and critical fixes.","status":"active","version":"0.5.1","language":"en","source_language":"en","source_url":"https://github.com/cedadev/ndg_httpsclient/","tags":["https","ssl","tls","pyopenssl","httplib","urllib2","urllib.request","http.client","security"],"install":[{"cmd":"pip install ndg-httpsclient","lang":"bash","label":"Install latest version"}],"dependencies":[{"reason":"Core functionality relies on PyOpenSSL for SSL/TLS operations.","package":"pyopenssl"},{"reason":"A transitive dependency of PyOpenSSL.","package":"cryptography","optional":true}],"imports":[{"symbol":"open_url","correct":"from ndg.httpsclient.utils import open_url"},{"symbol":"ServerSSLCertVerification","correct":"from ndg.httpsclient.ssl_peer_verification import ServerSSLCertVerification"},{"symbol":"SubjectAlternativeNameMatcher","correct":"from ndg.httpsclient.ssl_peer_verification import SubjectAlternativeNameMatcher"}],"quickstart":{"code":"import sys\nimport ssl\n# PyOpenSSL is a dependency that ndg-httpsclient leverages\nfrom OpenSSL import SSL\n\n# ndg-httpsclient patches these modules, so they should benefit from its enhancements\nif sys.version_info[0] >= 3:\n    import urllib.request as request_mod\n    import http.client as http_client_mod\nelse:\n    import urllib2 as request_mod\n    import httplib as http_client_mod\n\n# The primary utility for direct use is open_url\nfrom ndg.httpsclient.utils import open_url\n\n# For this example, we'll try a common HTTPS URL.\n# In a real-world scenario, you might pass specific client certificates (c, k)\n# or a custom CA bundle (ca) for peer verification.\ntarget_url = \"https://www.google.com\"\n\nprint(f\"Attempting to connect to {target_url} using ndg-httpsclient's open_url...\")\n\ntry:\n    # open_url utilizes the PyOpenSSL-backed HTTPS handling provided by ndg-httpsclient\n    # For more robust verification, you'd provide `ca='path/to/ca-bundle.pem'`\n    response = open_url(target_url)\n\n    print(f\"Connection successful!\")\n    print(f\"HTTP Status Code: {response.getcode()}\")\n    print(f\"Content-Type: {response.info()['Content-Type']}\")\n    # Read and decode a small part of the content to demonstrate success\n    # Do not read full content for quickstart to avoid large output\n    content_snippet = response.read(200).decode('utf-8', errors='ignore')\n    print(f\"Partial Content: {content_snippet}...\")\n\nexcept SSL.Error as e:\n    print(f\"SSL Error during connection: {e}\")\nexcept Exception as e:\n    print(f\"An unexpected error occurred: {e}\")","lang":"python","description":"This quickstart demonstrates using `ndg-httpsclient`'s `open_url` utility to make an HTTPS request. This function internally leverages the PyOpenSSL-enhanced `HTTPSHandler` that the library integrates into Python's standard HTTP client modules. For more advanced use, like client certificate authentication or custom CA bundles, additional arguments can be passed to `open_url`."},"warnings":[{"fix":"Upgrade Python to a supported version (e.g., Python 3.6+) or pin `ndg-httpsclient<0.5.1`.","message":"Support for Python 2.6 and Python 3.3 was dropped in version 0.5.1. Users on these End-of-Life Python versions must use an older `ndg-httpsclient` version or upgrade their Python environment.","severity":"breaking","affected_versions":">=0.5.1"},{"fix":"Understand that this library is a low-level enhancement for specific SSL/TLS requirements, not a replacement for higher-level HTTP client libraries.","message":"ndg-httpsclient primarily enhances Python's lower-level `httplib`/`urllib2` (Python 2) or `http.client`/`urllib.request` (Python 3) modules with PyOpenSSL. It is not a general-purpose HTTP client like `requests` and requires understanding of the underlying standard library modules for effective use. It's often used in scenarios needing fine-grained SSL/TLS control.","severity":"gotcha","affected_versions":"All"},{"fix":"If relying on `ndg.httpsclient.utils.open_url`, ensure you are on version 0.4.3 or higher.","message":"Version 0.4.2 introduced a bug in the `ndg.httpsclient.utils.open_url` function (a duplicate open call). This bug was fixed in version 0.4.3. Importantly, this specific bug *did not affect* the core `httplib` and `urllib2` interfaces that the package patches, only the higher-level `open_url` utility.","severity":"gotcha","affected_versions":"0.4.2"},{"fix":"For most new HTTP-related projects, consider `requests`. Use `ndg-httpsclient` when explicit PyOpenSSL control or compatibility with existing standard library code is a strict requirement.","message":"While `ndg-httpsclient` provides Python 3 compatibility, the standard library modules it enhances (`urllib.request`, `http.client`) are often superseded by higher-level, more user-friendly libraries like `requests` for general-purpose HTTP communication. This library remains relevant for niche applications requiring deep PyOpenSSL integration.","severity":"deprecated","affected_versions":"All"}],"env_vars":null,"last_verified":"2026-04-09T00:00:00.000Z","next_check":"2026-07-08T00:00:00.000Z"}