Christian Heimes added the comment:

Do you happen to talk to an ElasticSearch cluster with a GEN_RID in the subject 
alternative name field? It's a known bug in Python's ssl code. The fix #27691 
will be in the next releases of 2.7 and 3.5.

In the meantime you can work around the bug by reconfiguring your ES cluster
and application. You have to use different certs for node <-> client and
node <-> node communication. OID 1.2.3.4.5.5 should only be in the cluster
communication certs.
https://github.com/floragunncom/search-guard-docs/blob/1a35ec309661f7b8fb1efc2586fc298dcb7cb139/installation.md#generating-a-server-certificate

----------
resolution:  -> duplicate
stage:  -> resolved
status: open -> closed
superseder:  -> X509 cert with GEN_RID subject alt name causes SytemError

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue28170>
_______________________________________
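
To see which certificates still carry a registeredID (GEN_RID) subject alternative name such as OID 1.2.3.4.5.5, the DER can be inspected without going through the affected `ssl` parsing path. This is an added example, not code from the tracker comment or from CPython; the function names are hypothetical and the sample bytes are constructed.

```python
SAN_OID = bytes.fromhex("551d11")  # 2.5.29.17 subjectAltName
NAME_TAGS = {0x81: "rfc822Name", 0x82: "dNSName", 0x86: "URI", 0x88: "registeredID"}

def read_tlv(buf, pos):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def decode_oid(body):
    arcs, acc = [], 0
    for b in body:  # base-128, high bit set on all but the last byte of an arc
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def san_entries(der):
    """Walk DER (whole certificate or fragment); return SAN (type, value) pairs."""
    found = []
    for tag, val in children(der):
        if not tag & 0x20:  # primitive element, nothing nested to inspect
            continue
        kids = list(children(val))
        if tag == 0x30 and kids and kids[0] == (0x06, SAN_OID):
            (_, names), = children(kids[-1][1])  # OCTET STRING wraps GeneralNames
            for t, v in children(names):
                text = decode_oid(v) if t == 0x88 else v.decode("latin-1")
                found.append((NAME_TAGS.get(t, "tag 0x%02x" % t), text))
        else:
            found += san_entries(val)
    return found

def tlv(tag, body):  # sample builder, short-form lengths only
    return bytes([tag, len(body)]) + body
# Constructed sample: an extensions fragment, not a real certificate.
SAMPLE = tlv(0xA3, tlv(0x30, tlv(0x30, tlv(0x06, SAN_OID) + tlv(0x04, tlv(0x30,
    tlv(0x82, b"node1.example") + tlv(0x88, bytes.fromhex("2a03040505")))))))
```

For a PEM file, pass `ssl.PEM_cert_to_DER_cert(pem_text)` to `san_entries`; any `registeredID` entry in the result marks a cert that should be kept to node <-> node use.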