Control: forwarded -1 https://github.com/jcgregorio/httplib2/issues/233
On Wed, Feb 10, 2016 at 01:05:59AM +0100, Jakub Wilk wrote: > * anarcat <anar...@debian.org>, 2016-02-09, 09:33: > >This is typical of Python apps that depend only on urllib and so on. > > Not really. Python's stdlib supports SNI since 2.7.9, which was the first > version that enabled certificate verification by default, and what's in > jessie. > > Here the culrprit is httplib2: [...] You're right of course. Here's the upstream bug: https://github.com/jcgregorio/httplib2/issues/233 httplib2 folks say that the problem doesn't appear in Python3, so maybe Venus could run in Py3k? I actually doubt it, considering that software hasn't been updated since well, 2010 or so... The number of failed hosts keeps on growing in the meantime: $ grep -c 'Server presented certificate that does not match host' planet.log.0 22 Note that those are not all let's encrypt certs, but they are probably mostly SNI. Those wishing to reproduce the issue can follow the instructions on the wiki page here: https://wiki.debian.org/PlanetDebian#test Or simply run the bootstrap script: http://anonscm.debian.org/viewvc/planet-debian/trunk/planet-bootstrap.sh?view=co&content-type=text%2Fplain The faulty code in planet venus itself is in planet/spider.py, around line 300, in the httpThread function. It *looks* like it could be fairly easy to convert it to requests, as the API usage is fairly superficial. A.
signature.asc
Description: Digital signature
