Connection fails via https when certificate contains IPv6 address in SAN #1269
Comments
Can you please try installing the
That module is installed. Actually this seems to be an issue with the
Reopening since even after fixing pyca/cryptography#3943 I'm still seeing another traceback within
This looks like it's in the same vein as our idna issues in Requests. Running IP addresses through the encoder is going to cause issues. That's why we ended up only running the idna portion on names that contained Unicode characters. It's possible a minor tweak to idna_encode in the pyopenssl module is necessary for IPv6 IPs in the Subject Alt Name field.
This is a crude hack, but enough to get things working for me with py27 at least. Feel free to reuse/improve.
Until https://bugs.python.org/issue23239 is fixed, correct certificates with SAN IP Addresses won't work on Python 2.7.
* Don't load system certificates by default when any other ``ca_certs``, ``ca_certs_dir`` or ``ssl_context`` parameters are specified.
* Remove Authorization header regardless of case when redirecting to cross-site. (Issue #1510)
* Add support for IPv6 addresses in subjectAltName section of certificates. (Issue #1269)
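
The approach discussed in the comments above (never run an IP literal through the IDNA encoder, and compare it by value against IP-type SAN entries) can be sketched as follows. This is an added example, not code from urllib3, pyOpenSSL or the thread; the function names and the SAN sample are constructed, and wildcard DNS matching is left out.

```python
import ipaddress

# Constructed SAN list in the (type, value) shape that
# ssl.SSLSocket.getpeercert() uses under "subjectAltName".
SAMPLE_SANS = (
    ("DNS", "2001:db8::17"),
    ("IP Address", "2001:DB8:0:0:0:0:0:17"),
    ("DNS", "xn--bcher-kva.example"),
)


def parse_ip(host):
    """Return an ip_address object if host is an IP literal, else None."""
    host = host.strip("[]").split("%", 1)[0]  # drop URL brackets and zone id
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None


def normalize_dns(name):
    """IDNA-encode only names that contain non-ASCII characters."""
    try:
        name.encode("ascii")
    except UnicodeEncodeError:
        name = name.encode("idna").decode("ascii")
    return name.lower().rstrip(".")


def host_matches_sans(host, sans):
    """Match host against SAN entries without IDNA-encoding IP literals."""
    ip = parse_ip(host)
    if ip is not None:
        # IP hosts are compared by value against IP-type entries only;
        # a DNS entry that happens to hold the same text does not count.
        return any(
            kind == "IP Address" and parse_ip(value) == ip
            for kind, value in sans
        )
    wanted = normalize_dns(host)
    return any(
        kind == "DNS" and normalize_dns(value) == wanted
        for kind, value in sans
    )
```

Comparing parsed address objects rather than strings makes the compressed form in the URL (`2001:db8::17`) equal to the expanded, upper-case form a certificate parser may report.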
The URL is https://[2001:db8::17]/, the server is running with a certificate that includes both DNS:2001:db8::17 and IP:2001:db8::17 as alt_names. Accessing that URL with e.g. curl works just fine, when using urllib3 I am seeing this error instead: