Bug#813313: [planet-venus] planet-venus fails on SNI enabled websites

Wed, 10 Feb 2016 10:30:56 -0800 

On 2016-02-10 13:11:39, Andreas Metzler wrote:
> Just out of interest: Am I looking wrong or is blog.windfluechter.net
> making strange use of SNI, having a single SNI that is identical with
> the CN?

That doesn't seem so strange to me...

Furthermore, the canonical test host for SNI makes httplib fail as well:

$ python -c 'import httplib2; httplib2.Http().request("https://sni.velox.ch/";)'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/usr/lib/python2.7/dist-packages/httplib2/__init__.py", line 1592, in 
request
    (response, content) = self._request(conn, authority, uri, request_uri, 
method, body, headers, redirections, cachekey)
  File "/usr/lib/python2.7/dist-packages/httplib2/__init__.py", line 1334, in 
_request
    (response, content) = self._conn_request(conn, request_uri, method, body, 
headers)
  File "/usr/lib/python2.7/dist-packages/httplib2/__init__.py", line 1256, in 
_conn_request
    conn.connect()
  File "/usr/lib/python2.7/dist-packages/httplib2/__init__.py", line 1031, in 
connect
    'host %s: %s' % (hostname, cert), hostname, cert)
httplib2.CertificateHostnameMismatch: Server presented certificate that does 
not match host sni.velox.ch: {'crlDistributionPoints': 
(u'http://crl.quovadisglobal.com/qvsslg2.crl',), 'subjectAltName': (('DNS', 
'alice.sni.velox.ch'), ('DNS', 'carol.sni.velox.ch')), 'notBefore': u'Apr 21 
17:30:43 2014 GMT', 'caIssuers': 
(u'http://trust.quovadisglobal.com/qvsslg2.crt',), 'OCSP': 
(u'http://ocsp.quovadisglobal.com',), 'serialNumber': 
u'398C82B54E24FA61DB9CF244AACDEFD21A0544E2', 'notAfter': 'Apr 21 17:30:42 2017 
GMT', 'version': 3L, 'subject': ((('countryName', u'CH'),), 
(('stateOrProvinceName', u'Zuerich'),), (('localityName', u'Zuerich'),), 
(('organizationName', u'Kaspar Brand'),), (('commonName', 
u'alice.sni.velox.ch'),)), 'issuer': ((('countryName', u'BM'),), 
(('organizationName', u'QuoVadis Limited'),), (('commonName', u'QuoVadis Global 
SSL ICA G2'),))}

That, at the very least, should be fixed.

a.
-- 
The problem is not a lack of highly educated workers, the problem is a
lack of highly educated workers willing to work for the minimum wage or
lower in the U.S. Costs are driving outsourcing, not the quality of
American schools.       - Scott Kirwin, IT Professionals Association

Reply via email to