Weird SSL problem

Ned Deily nad at acm.org
Mon Sep 29 18:55:57 EDT 2014


In article <CD8F39D9-ACD9-4D6E-9AAC-DBCDF607F242 at adm.umu.se>,
 Roland Hedberg <roland.hedberg at adm.umu.se> wrote:

> Hi!
> 
> I'm trying to access 
> https://stsadweb.one.microsoft.com/adfs/.well-known/openid-configuration
> 
> Doing it the simplest way I get the following:
> 
> >>> import urllib
> >>> f = urllib.urlopen("https://stsadweb.one.microsoft.com/adfs/.well-known/openid-configuration")
> Traceback (most recent call last):
>   File "<stdin>", line 1, in <module>
>   File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py", line 87, in urlopen
>     return opener.open(url)
>   File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py", line 208, in open
>     return getattr(self, name)(url)
>   File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py", line 437, in open_https
>     h.endheaders(data)
>   File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 969, in endheaders
>     self._send_output(message_body)
>   File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 829, in _send_output
>     self.send(msg)
>   File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 791, in send
>     self.connect()
>   File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py", line 1176, in connect
>     self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
>   File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 387, in wrap_socket
>     ciphers=ciphers)
>   File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 143, in __init__
>     self.do_handshake()
>   File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py", line 305, in do_handshake
>     self._sslobj.do_handshake()
> IOError: [Errno socket error] [Errno 54] Connection reset by peer
> >>> import ssl
> >>> ssl.OPENSSL_VERSION
> 'OpenSSL 0.9.8za 5 Jun 2014'
> 
> Now, using Safari, or curl for that matter, from the same machine works 
> without a hitch.
> 
> The URL above is also the only URL I've encountered this problem with.
> 
> Anyone got an idea ?

I believe the problem is that the connection is protected by a 
multi-hostname server certificate and Python 2's urllib (and underlying 
httplib and ssl modules) do not support SNI extensions to TLS.  The 
request above works fine with Python 3 (which has supported client-side 
SNI since Python 3.2).  See http://bugs.python.org/issue5639 for more 
discussion of the matter.  If Python 3 is not an option for you, the 
requests package available via PyPI should help.

-- 
 Ned Deily,
 nad at acm.org



