I found a library that does what I'm trying to do: Certifi. It can be installed by running
pip install certifi from the command line.
Making requests and verifying them is now easy:
import certifi import urllib.request urllib.request.urlopen("https://example.com/", cafile=certifi.where())
As I expected, this returns a
HTTPResponse object for a site with a valid certificate and raises a
ssl.CertificateError exception for a site with an invalid certificate.