[Python-Dev] python 2.7 + https + urlopen = ?

martin at v.loewis.de martin at v.loewis.de
Mon Aug 13 12:40:35 CEST 2012

> How would you feel, if you issued :
> import urllib
> urlopen("""https://server.domain.com""").read()
> and the command got you data from some other URL without telling  
> you! You use firefox, and the site is different than the data you  
> got! Same with chrome. Safari. Even IE !
> Cheated? (Well I was mad -- after IE worked).
> None of them worked! Wow. Then you wonder, whats going on. You poke  
> one of the server administrator, and he sends you the logs, and you  
> see the problem. The keyword being "SNI".

I believe there is a bug in the HTTP server; it doesn't conform to the
HTTP/1.1 protocol. Even without the client using SNI, you should still
get the right page, since the HTTP Host: header indicates the host you
are trying to contact at this point, not SNI. The SNI is only relevant
for the certificate that the server presents.


More information about the Python-Dev mailing list