Weird SSL problem

[Roland Hedberg]

30 sep 2014 kl. 00:55 skrev Ned Deily <nad at acm.org>:

> In article <CD8F39D9-ACD9-4D6E-9AAC-DBCDF607F242 at adm.umu.se>,
> Roland Hedberg <roland.hedberg at adm.umu.se> wrote:
> 
>> Hi!
>> 
>> I¹m trying to access 
>> https://stsadweb.one.microsoft.com/adfs/.well-known/openid-configuration
>> 
>> Doing it the simplest way I get the following:
>> 
>>>>> import urllib
>>>>> f = 
>>>>> urllib.urlopen("https://stsadweb.one.microsoft.com/adfs/.well-known/openid
>>>>> -configuration")
>> Traceback (most recent call last):
>>  File "<stdin>", line 1, in <module>
>>  File 
>>  "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py",
>>   line 87, in urlopen
>>    return opener.open(url)
>>  File 
>>  "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py",
>>   line 208, in open
>>    return getattr(self, name)(url)
>>  File 
>>  "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py",
>>   line 437, in open_https
>>    h.endheaders(data)
>>  File 
>>  "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py"
>>  , line 969, in endheaders
>>    self._send_output(message_body)
>>  File 
>>  "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py"
>>  , line 829, in _send_output
>>    self.send(msg)
>>  File 
>>  "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py"
>>  , line 791, in send
>>    self.connect()
>>  File 
>>  "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py"
>>  , line 1176, in connect
>>    self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
>>  File 
>>  "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", 
>>  line 387, in wrap_socket
>>    ciphers=ciphers)
>>  File 
>>  "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", 
>>  line 143, in __init__
>>    self.do_handshake()
>>  File 
>>  "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", 
>>  line 305, in do_handshake
>>    self._sslobj.do_handshake()
>> IOError: [Errno socket error] [Errno 54] Connection reset by peer
>>>>> import ssl
>>>>> ssl.OPENSSL_VERSION
>> ¹OpenSSL 0.9.8za 5 Jun 2014'
>> 
>> Now, using Safari, or curl for that matter, from the same machine works 
>> without a hitch.
>> 
>> The URL above is also the only URL I¹ve encountered this problem with.
>> 
>> Anyone got an idea ?
> 
> I believe the problem is that the connection is protected by a 
> multi-hostname server certificate and Python 2's urllib (and underlying 
> httplib and ssl modules) do not support SNI extensions to TLS.  The 
> request above works fine with Python 3 (which has supported client-side 
> SNI since Python 3.2).  See http://bugs.python.org/issue5639 for more 
> discussion of the matter.  If Python 3 is not an option for you, the 
> requests package available via PyPI should help.

You’re absolutely correct in that it’s a SNI problem.
Python 3 is not an option and I was already using requests obviously missing something.
Ah, had to install some extra libraries.

— Roland

”Being able to think like a child is an important attribute of being an adult” - Eddie Izzard