code segment that silently fails:
96 def match_hostname(cert, hostname):
97 """Verify that *cert* (in decoded format as returned by
98 SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125
99 rules are followed, but IP addresses are not accepted for *hostname*.
100
101 CertificateError is raised on failure. On success, the function
102 returns nothing.
103 """
104 if not cert:
105 raise ValueError("empty or no certificate, match_hostname needs a "
106 "SSL socket or SSL context with either "
107 "CERT_OPTIONAL or CERT_REQUIRED")
108 try:
109 # Divergence from upstream: ipaddress can't handle byte str
110 host_ip = ipaddress.ip_address(_to_unicode(hostname))
111 except ValueError:
112 # Not an IP address (common case)
113 host_ip = None
114 except UnicodeError:
115 # Divergence from upstream: Have to deal with ipaddress not taking
116 # byte strings. addresses should be all ascii, so we consider it not
117 # an ipaddress in this case
118 host_ip = None
119 except AttributeError: <<<<<< throws AttributeError, because ipaddress is not available >>>>>>
120 # Divergence from upstream: Make ipaddress library optional
121 if ipaddress is None:
122 host_ip = None
123 else:
124 raise
from here:
9 # ipaddress has been backported to 2.6+ in pypi. If it is installed on the
10 # system, use it to handle IPAddress ServerAltnames (this was added in
11 # python-3.5) otherwise only do DNS matching. This allows
12 # backports.ssl_match_hostname to continue to be used all the way back to
13 # python-2.4.
14 try:
15 import ipaddress
16 except ImportError:
17 ipaddress = None
18
Simply installing python-ipaddress solves the issue
works with python-urllib3 1.13.1- 2ubuntu0. 16.04.1~ cloud0 2ubuntu0. 16.04.2~ cloud0
but fails with 1.13.1-
Change introduced: https:/ /bugs.launchpad .net/ubuntu/ +source/ python- urllib3/ +bug/1771988
code segment that silently fails: cert, hostname): getpeercert( )) matches the *hostname*. RFC 2818 and RFC 6125 ip_address( _to_unicode( hostname) )
96 def match_hostname(
97 """Verify that *cert* (in decoded format as returned by
98 SSLSocket.
99 rules are followed, but IP addresses are not accepted for *hostname*.
100
101 CertificateError is raised on failure. On success, the function
102 returns nothing.
103 """
104 if not cert:
105 raise ValueError("empty or no certificate, match_hostname needs a "
106 "SSL socket or SSL context with either "
107 "CERT_OPTIONAL or CERT_REQUIRED")
108 try:
109 # Divergence from upstream: ipaddress can't handle byte str
110 host_ip = ipaddress.
111 except ValueError:
112 # Not an IP address (common case)
113 host_ip = None
114 except UnicodeError:
115 # Divergence from upstream: Have to deal with ipaddress not taking
116 # byte strings. addresses should be all ascii, so we consider it not
117 # an ipaddress in this case
118 host_ip = None
119 except AttributeError: <<<<<< throws AttributeError, because ipaddress is not available >>>>>>
120 # Divergence from upstream: Make ipaddress library optional
121 if ipaddress is None:
122 host_ip = None
123 else:
124 raise
from here: ssl_match_ hostname to continue to be used all the way back to
9 # ipaddress has been backported to 2.6+ in pypi. If it is installed on the
10 # system, use it to handle IPAddress ServerAltnames (this was added in
11 # python-3.5) otherwise only do DNS matching. This allows
12 # backports.
13 # python-2.4.
14 try:
15 import ipaddress
16 except ImportError:
17 ipaddress = None
18
Simply installing python-ipaddress solves the issue