Home Explore Help
Register Sign In
sapientech
/
goblinoid
Watch 5
Star 6
Fork 1
Files Issues 4 Pull Requests 0 Wiki
Labels Milestones
New Issue

#14 Connection error with SNI SSL site

Closed
opened 8 years ago by sazius · 1 comments
Mats Sjöberg commented 8 years ago

After entering my webfinger I get the error message: "Connection error, please try again". I was able to track down that this is because of my site using TLS and SNI (because I have several domains on the same ip address). I was able to confirm this, since it worked once I temporarily disabled all the other domains on that server.

Another hint is from adb logcat:

I/python  (14204):  /data/data/com.sapientech.mediagoblin/files/_applibs/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
I/python  (14204):  /data/data/com.sapientech.mediagoblin/files/_applibs/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
I/python  (14204):  /data/data/com.sapientech.mediagoblin/files/_applibs/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
I/python  (14204): hostname 'media.saz.im' doesn't match either of 'saz.im', 'www.saz.im'
I/python  (14204): webfinger got error message: data connection error, please try again later

As you can see it gets the wrong TLS cert (for domain saz.im instead of media.saz.im which is my MediaGoblin domain) because it doesn't support SNI.

After entering my webfinger I get the error message: "Connection error, please try again". I was able to track down that this is because of my site using TLS and SNI (because I have several domains on the same ip address). I was able to confirm this, since it worked once I temporarily disabled all the other domains on that server. Another hint is from `adb logcat`: I/python (14204): /data/data/com.sapientech.mediagoblin/files/_applibs/requests/packages/urllib3/util/ssl_.py:315: SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) extension to TLS is not available on this platform. This may cause the server to present an incorrect TLS certificate, which can cause validation failures. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning. I/python (14204): /data/data/com.sapientech.mediagoblin/files/_applibs/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning. I/python (14204): /data/data/com.sapientech.mediagoblin/files/_applibs/requests/packages/urllib3/util/ssl_.py:120: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning. I/python (14204): hostname 'media.saz.im' doesn't match either of 'saz.im', 'www.saz.im' I/python (14204): webfinger got error message: data connection error, please try again later As you can see it gets the wrong TLS cert (for domain `saz.im` instead of `media.saz.im` which is my MediaGoblin domain) because it doesn't support SNI.
sazius closed 8 years ago
Dylan Jeffers commented 8 years ago
Owner

Sazius, thank you for the report. At first glance, this may be an issue with PyPump, the library used to connect the app with your MediaGoblin instance. When in front of a computer, I will test this further and keep you updated.

Sazius, thank you for the report. At first glance, this may be an issue with PyPump, the library used to connect the app with your MediaGoblin instance. When in front of a computer, I will test this further and keep you updated.
Sign in to join this conversation.
Labels
Clear labels
No Label
Milestone
Clear milestone
No Milestone
Assignee
Clear assignee
No assignee
2 Participants
Write Preview
Loading...
Cancel
Save
There is no content yet.