[Python-apps-team] Bug#813313: [planet-venus] planet-venus fails on SNI enabled websites
Andreas Metzler
ametzler at bebt.de
Wed Feb 10 18:11:39 UTC 2016
On 2016-01-31 Ingo Juergensmann <ij at 2013.bluespice.org> wrote:
> Package: planet-venus
> Version: 0~git9de2109-3
> Severity: normal
> Apparently planet-venus fails to fetch feeds from SNI enabled hosts.
> After migrating my blog from HTTP to HTTPS with letsencrypt.org
> certificate, I noticed that Planet Debian fails to include my blog
> postings.
[...]
> ERROR:planet.runner:Error 500 while updating feed
> https://blog.windfluechter.net/taxonomy/term/2/feed
> When directly using my feed link in a browser everything works without
> any problems and the correct certificate is loaded.
[...]
Hello,
Just out of interest: Am I looking wrong or is blog.windfluechter.net
making strange use of SNI, having a single SNI that is identical with
the CN?
ametzler at argenau:/tmp$ openssl x509 -text < log.windfluechter | grep -E -A1 'Subject:|Subject Alternative Name:'
Subject: CN=blog.windfluechter.net
Subject Public Key Info:
--
X509v3 Subject Alternative Name:
DNS:blog.windfluechter.net
I have recently also switched to letsencrypt (but have not re-pointed
the planet feed yet).
ametzler at argenau:/tmp$ openssl x509 -text < log.bebt | grep -E -A1 'Subject:|Subject Alternative Name:'
Subject: CN=vsrv21575.customer.vlinux.de
Subject Public Key Info:
--
X509v3 Subject Alternative Name:
DNS:kraftwerk-au.bebt.de, DNS:vsrv21575.customer.vlinux.de, DNS:www.bebt.de
The simple test case posted by Jakub Wilk[1] succeeds here.
cu Andreas
[1] python -c 'import httplib2; httplib2.Http().request("https://www.bebt.de/")'
--
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
More information about the Python-apps-team
mailing list