From the documentation:

requests can also ignore verifying the SSL certificate if you set verify to False.

>>> requests.get('https://kennethreitz.com', verify=False)
<Response [200]>

If you're using a third-party module and want to disable the checks, here's a context manager that monkey patches requests and changes it so that verify=False is the default and suppresses the warning.

import warnings
import contextlib

import requests
from urllib3.exceptions import InsecureRequestWarning

old_merge_environment_settings = requests.Session.merge_environment_settings

@contextlib.contextmanager
def no_ssl_verification():
    opened_adapters = set()

    def merge_environment_settings(self, url, proxies, stream, verify, cert):
        # Verification happens only once per connection so we need to close
        # all the opened adapters once we're done. Otherwise, the effects of
        # verify=False persist beyond the end of this context manager.
        opened_adapters.add(self.get_adapter(url))

        settings = old_merge_environment_settings(self, url, proxies, stream, verify, cert)
        settings['verify'] = False

        return settings

    requests.Session.merge_environment_settings = merge_environment_settings

    try:
        with warnings.catch_warnings():
            warnings.simplefilter('ignore', InsecureRequestWarning)
            yield
    finally:
        requests.Session.merge_environment_settings = old_merge_environment_settings

        for adapter in opened_adapters:
            try:
                adapter.close()
            except:
                pass

Here's how you use it:

with no_ssl_verification():
    requests.get('https://wrong.host.badssl.example/')
    print('It works')

    requests.get('https://wrong.host.badssl.example/', verify=True)
    print('Even if you try to force it to')

requests.get('https://wrong.host.badssl.example/', verify=False)
print('It resets back')

session = requests.Session()
session.verify = True

with no_ssl_verification():
    session.get('https://wrong.host.badssl.example/', verify=True)
    print('Works even here')

try:
    requests.get('https://wrong.host.badssl.example/')
except requests.exceptions.SSLError:
    print('It breaks')

try:
    session.get('https://wrong.host.badssl.example/')
except requests.exceptions.SSLError:
    print('It breaks here again')

Note that this code closes all open adapters that handled a patched request once you leave the context manager. This is because requests maintains a per-session connection pool and certificate validation happens only once per connection so unexpected things like this will happen:

>>> import requests
>>> session = requests.Session()
>>> session.get('https://wrong.host.badssl.example/', verify=False)
/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
<Response [200]>
>>> session.get('https://wrong.host.badssl.example/', verify=True)
/usr/local/lib/python3.7/site-packages/urllib3/connectionpool.py:857: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
  InsecureRequestWarning)
<Response [200]>

Before coming to the different values for verify one needs to understand first, what this verify is about in the first place. It is about validating that the server certificate matches the expected one, which means that there is a direct end-to-end protected connection to the server and there is not some man in the middle who can read and modify the traffic. The server validation is (among other things) based on locally trust root certificates which represent trusted certificate authorities (CA): if no chain from the server provided leaf certificate to any of the local trust anchors can be constructed, then the certificate is not trusted. For more on this see SSL Certificate framework 101: How does the browser actually verify the validity of a given server certificate?.

verify=True then means that the server validation is done to use the default trust anchors, which are commonly the same public root certificates as used in the browser. verify=file.pem means to not use the default trust anchors but instead only the ones given in the specific file. This can be a single CA certificate, can be multiple CA certificates but can also be self-signed certificates expected for a specific server. Both of these options are usually sufficiently secure. But explicitly specifying which CA or certificate is trusted with verify=file.pem is more restrictive and thus more secure.

verify=False instead means that no certificate validation is done at all. This means a man in the middle will not be detected and thus anybody in the middle could sniff and fiddle with the traffic. This is totally unsafe and should never be used for critical data.. Critical data are obviously things like passwords or access tokens, but even exposing the exact URL visited can be considered critical in many cases.

You can do this to create a session :

import requests
from requests.adapters import HTTPAdapter
from requests.packages.urllib3.util.ssl_ import ssl

class SSLContextAdapter(HTTPAdapter):
    def init_poolmanager(self, *args, **kwargs):
        context = ssl.create_default_context()
        kwargs['ssl_context'] = context
        context.load_default_certs() # this loads the OS defaults on Windows
        return super(SSLContextAdapter, self).init_poolmanager(*args, **kwargs)

s = requests.Session()
adapter = SSLContextAdapter()
s.mount('yoururl', adapter)
response = s.post('yoururl', data=json.dumps(payload), headers=headers, auth=('user','pass'))