On Nov 10, 2017 3:45 AM, "Rahul Paul" <rahulpaul1...@gmail.com> wrote:

Hi,

I am using requests package to send a post request to an API within my
application.

I am using the request as :

requests.post("https://xx.xxx.xxx.xxx/my-admin/api/api2", data=data)

where "xx.xxx.xxx.xxx" is the IP of my server on which this API is hosted.

When I am trying to call this API from my application, Django is raising
an exception as follows:

SSLError: hostname 'xx.xxx.xxx.xxx' doesn't match 'xxx.com'

But when I put the domain name in the request i.e. "xxx.com", it gives me
proper result. Also when I put verify=False along with the request, my
application gives me proper result even with IP address in the request.
However the very same API is returning proper result with both --- IP
address and domain name.


This is how SSL/TLS works. The certificate is based on the domain name in
the CN or SAN fields. It will never work with just an IP address and a
valid publicly signed certificate. If your CA is signing certificates with
IPs instead of or in addition to names, I would start a campaign to have
them shut down.


My server has a CA signed certificate but the DNS has a forward entry but
does not have a PTR entry. I have also verified with digicert.com and found
that when I am entering the domain name, it is giving proper IP address but
when I am giving IP address, it is not able to resolve the domain name.

This API was working correctly with IP address when we had self
signed certificate.


No, it didn't. That would indicate that you imported the self-signed CA
certificate into your trusted CA store. It would also mean that the
certificate was generated using the IP as the value of the CN or SAN. No
SSL library does that without a lot of coaxing, if it's even possible
anymore.



Also I am using nginx-gunicorn to run my application.

Please help me with understanding why this is happening and what are the
best possible solutions for this problem.


There is no problem to solve, you are just experiencing the joys of SSL,
and there are many. ;-)

Just make it a point to use the name.

-James
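
An added example, not part of the thread or any poster's code: a small diagnostic that shows why the request by IP raises SSLError while the request by name succeeds, by comparing the host in the URL with the certificate's subjectAltName entries. The certificate dict, the name example.com, the address 192.0.2.10 and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert();
# the names are placeholders, not values from the thread.
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}


def _dns_match(pattern, host):
    """Case-insensitive compare; '*' may replace the whole leftmost label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] != "*" and p[0] != h[0]:
        return False
    return p[1:] == h[1:]


def check_target(cert, target):
    """Return (matches, candidates) for the host part of the URL being requested."""
    sans = cert.get("subjectAltName", ())
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        addr = None  # not an IP literal, so treat it as a DNS name
    if addr is not None:
        # An IP literal is compared only with 'IP Address' entries, never DNS ones.
        candidates = [v for k, v in sans if k == "IP Address"]
        ok = any(ipaddress.ip_address(v.strip()) == addr for v in candidates)
    else:
        candidates = [v for k, v in sans if k == "DNS"]
        ok = any(_dns_match(v, target) for v in candidates)
    return ok, candidates


if __name__ == "__main__":
    for host in ("example.com", "api.example.com", "192.0.2.10"):
        ok, seen = check_target(SAMPLE_CERT, host)
        print(f"{host!r}: {'match' if ok else 'NO match'} against {seen}")
```

Passing the dict from getpeercert() on a verified connection made by name shows which identities the server's certificate actually covers, without resorting to verify=False.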
