Why does Python `request` reject my SSL certificate that browsers accept

Question

Why does Python `request` reject my SSL certificate that browsers accept

I recently received an SSL certificate for my site:

https://ram.rachum.com/

It works great in browsers. But this fails for requests:

>>> import requests
>>> requests.get('https://ram.rachum.com')
Traceback (most recent call last):
  File "<pyshell#1>", line 1, in <module>
    requests.get('https://ram.rachum.com')
  File "C:\Python27\lib\site-packages\requests\api.py", line 55, in get
    return request('get', url, **kwargs)
  File "C:\Python27\lib\site-packages\requests\api.py", line 44, in request
    return session.request(method=method, url=url, **kwargs)
  File "C:\Python27\lib\site-packages\requests\sessions.py", line 354, in request
    resp = self.send(prep, **send_kwargs)
  File "C:\Python27\lib\site-packages\requests\sessions.py", line 460, in send
    r = adapter.send(request, **kwargs)
  File "C:\Python27\lib\site-packages\requests\adapters.py", line 250, in send
    raise SSLError(e)
SSLError: hostname 'ram.rachum.com' doesn't match either of '*.webfaction.com', 'webfaction.com'

Why? Why is it requestslooking at a webfaction certificate and not at its own certificate, which is valid for ram.rachum.com?

+4

python certificate ssl python-requests

Ram rachum Apr 19 '14 at 0:26

source share

1 answer

Steffen Ullrich · Accepted Answer · 2014-04-19T05:42:50+0000

SNI ( ), SSL IP-, SNI. openssl s_client. SNI IP-, *.webfaction.com:

openssl s_client -connect ram.rachum.com:443
...
 0 ...CN=*.webfaction.com

SNI, :

openssl s_client -connect ram.rachum.com:443 -servername ram.rachum.com
...
 0 ...CN=ram.rachum.com...

, , . TLS, SNI

Why does Python `request` reject my SSL certificate that browsers accept

More articles: