Weird SSL problem
Ned Deily
nad at acm.org
Mon Sep 29 18:55:57 EDT 2014
In article <CD8F39D9-ACD9-4D6E-9AAC-DBCDF607F242 at adm.umu.se>,
Roland Hedberg <roland.hedberg at adm.umu.se> wrote:
> Hi!
>
> I¹m trying to access
> https://stsadweb.one.microsoft.com/adfs/.well-known/openid-configuration
>
> Doing it the simplest way I get the following:
>
> >>> import urllib
> >>> f =
> >>> urllib.urlopen("https://stsadweb.one.microsoft.com/adfs/.well-known/openid
> >>> -configuration")
> Traceback (most recent call last):
> File "<stdin>", line 1, in <module>
> File
> "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py",
> line 87, in urlopen
> return opener.open(url)
> File
> "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py",
> line 208, in open
> return getattr(self, name)(url)
> File
> "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/urllib.py",
> line 437, in open_https
> h.endheaders(data)
> File
> "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py"
> , line 969, in endheaders
> self._send_output(message_body)
> File
> "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py"
> , line 829, in _send_output
> self.send(msg)
> File
> "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py"
> , line 791, in send
> self.connect()
> File
> "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/httplib.py"
> , line 1176, in connect
> self.sock = ssl.wrap_socket(sock, self.key_file, self.cert_file)
> File
> "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py",
> line 387, in wrap_socket
> ciphers=ciphers)
> File
> "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py",
> line 143, in __init__
> self.do_handshake()
> File
> "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/ssl.py",
> line 305, in do_handshake
> self._sslobj.do_handshake()
> IOError: [Errno socket error] [Errno 54] Connection reset by peer
> >>> import ssl
> >>> ssl.OPENSSL_VERSION
> ¹OpenSSL 0.9.8za 5 Jun 2014'
>
> Now, using Safari, or curl for that matter, from the same machine works
> without a hitch.
>
> The URL above is also the only URL I¹ve encountered this problem with.
>
> Anyone got an idea ?
I believe the problem is that the connection is protected by a
multi-hostname server certificate and Python 2's urllib (and underlying
httplib and ssl modules) do not support SNI extensions to TLS. The
request above works fine with Python 3 (which has supported client-side
SNI since Python 3.2). See http://bugs.python.org/issue5639 for more
discussion of the matter. If Python 3 is not an option for you, the
requests package available via PyPI should help.
--
Ned Deily,
nad at acm.org
More information about the Python-list
mailing list