Intermittent SSL verification issues
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Libravatar (obsolete) |
Incomplete
|
Undecided
|
Unassigned |
Bug Description
It happens pretty frequently. Just try this python script to see for yourself.
"""
Attempt 0
Attempt 1
Attempt 2
Traceback (most recent call last):
File "test-libravata
requests.
File "/usr/lib/
return request('get', url, **kwargs)
File "/usr/lib/
response = session.
File "/usr/lib/
resp = self.send(prep, **send_kwargs)
File "/usr/lib/
r = adapter.
File "/usr/lib/
raise SSLError(e, request=request)
requests.
"""
import requests
url = 'https:/
for i in range(20):
print "Attempt", i
requests.
I ran your script (bumped it to 100 attempts) and couldn't reproduce the problem.
Then I took each A record for seccdn. libravatar. org:
seccdn. libravatar. org. 3379 IN A 5.35.241.22 libravatar. org. 3379 IN A 166.78.0.128 libravatar. org. 3379 IN A 162.242.146.192
seccdn.
seccdn.
and put it in my /etc/hosts before re-running the script to see if any one of these was causing problems. Nope.
So I tried each AAAA record next:
seccdn. libravatar. org. 3202 IN AAAA 2001:4800: 7810:512: 8a30:6c1b: ff04:50be libravatar. org. 3202 IN AAAA 2001:4800: 7816:517: 8a30:6c1b: ff04:60cb libravatar. org. 3202 IN AAAA 2a01:488: 66:1000: 523:f116: 0:1
seccdn.
seccdn.
and found that the last one did in fact return an error:
Attempt 0 test", line 7, in <module> get(url) python2. 7/dist- packages/ requests/ api.py" , line 52, in get python2. 7/dist- packages/ requests/ api.py" , line 40, in request method= method, url=url, **kwargs) python2. 7/dist- packages/ requests/ sessions. py", line 229, in request prefetch= prefetch) python2. 7/dist- packages/ requests/ models. py", line 631, in send exceptions. SSLError: hostname 'seccdn. libravatar. org' doesn't match 'mail.cweiske.de'
Traceback (most recent call last):
File "./libravatar-
requests.
File "/usr/lib/
return request('get', url, **kwargs)
File "/usr/lib/
return s.request(
File "/usr/lib/
r.send(
File "/usr/lib/
raise SSLError(e)
requests.
but that's a different error than what you've got. I wonder whether requests 0.12.1 supports SNI.
Can you confirm that the server you're having problems with is 2a01:488: 66:1000: 523:f116: 0:1 or am I looking at a different problem?