[issue28170] SystemError: <built-in method peer_certificate of _ssl._SSLSocket object at 0x7f98ac154858> returned NULL without setting an error
Christian Heimes
report at bugs.python.org
Thu Sep 15 11:54:28 EDT 2016
Christian Heimes added the comment:
Do you happen to talk to an ElasticSearch cluster with a GEN_RID in the subject alternative name field? It's a known bug in Python's ssl code. The fix #27691 will be in the next releases of 2.7 and 3.5.
In the mean time you can work around the bug by reconfiguring your ES cluster and application. You have to use different certs for node <-> client and node <-> node communication. OID 1.2.3.4.5.5 should only be in the cluster communication certs. https://github.com/floragunncom/search-guard-docs/blob/1a35ec309661f7b8fb1efc2586fc298dcb7cb139/installation.md#generating-a-server-certificate
----------
resolution: -> duplicate
stage: -> resolved
status: open -> closed
superseder: -> X509 cert with GEN_RID subject alt name causes SytemError
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue28170>
_______________________________________
More information about the Python-bugs-list
mailing list