This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Title: urllib2.urlopen() through proxy fails when HTTPS URL contains port number
Type: behavior Stage: resolved
Components: Library (Lib) Versions: Python 2.7
Status: closed Resolution: duplicate
Dependencies: Superseder: Use of set_tunnel with default port results in incorrect post value in host header
View: 22095
Assigned To: serhiy.storchaka Nosy List: atzm, serhiy.storchaka
Priority: normal Keywords:

Created on 2015-05-28 06:04 by atzm, last changed 2022-04-11 14:58 by admin. This issue is now closed.

Messages (2)
msg244277 - (view) Author: Atzm WATANABE (atzm) Date: 2015-05-28 06:04
urllib2.urlopen() through proxy causes ssl.CertificateError when HTTPS URL contains port number.

Sample code:

$ https_proxy='' python -c 'import urllib2; urllib2.urlopen("")'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/path/to/lib/python2.7/", line 154, in urlopen
    return, data, timeout)
  File "/path/to/lib/python2.7/", line 431, in open
    response = self._open(req, data)
  File "/path/to/lib/python2.7/", line 449, in _open
    '_open', req)
  File "/path/to/lib/python2.7/", line 409, in _call_chain
    result = func(*args)
  File "/path/to/lib/python2.7/", line 1240, in https_open
  File "/path/to/lib/python2.7/", line 1194, in do_open
    h.request(req.get_method(), req.get_selector(),, headers)
  File "/path/to/lib/python2.7/", line 1053, in request
    self._send_request(method, url, body, headers)
  File "/path/to/lib/python2.7/", line 1093, in _send_request
  File "/path/to/lib/python2.7/", line 1049, in endheaders
  File "/path/to/lib/python2.7/", line 893, in _send_output
  File "/path/to/lib/python2.7/", line 855, in send
  File "/path/to/lib/python2.7/", line 1274, in connect
  File "/path/to/lib/python2.7/", line 352, in wrap_socket
  File "/path/to/lib/python2.7/", line 579, in __init__
  File "/path/to/lib/python2.7/", line 816, in do_handshake
    match_hostname(self.getpeercert(), self.server_hostname)
  File "/path/to/lib/python2.7/", line 271, in match_hostname
    % (hostname, ', '.join(map(repr, dnsnames))))
ssl.CertificateError: hostname '' doesn't match either of '', '', '', '', '', '', '', '', '', '', '', '', '', '', ''

This problem seems to be caused because urllib2.AbstractHTTPHandler.do_open() calls httplib.HTTPSConnection.set_tunnel() without splitting hostname and port number.

To fix this problem, I suggest applying the patch posted in issue .
This problem looks serious because it means we cannot access HTTPS using various port number at restricted environment (e.g. under the firewall).
msg244343 - (view) Author: Serhiy Storchaka (serhiy.storchaka) * (Python committer) Date: 2015-05-28 19:45
Thank you for your report Atzm.
Date User Action Args
2022-04-11 14:58:17adminsetgithub: 68499
2015-05-28 19:45:54serhiy.storchakasetstatus: open -> closed

type: behavior
assignee: serhiy.storchaka
messages: + msg244343
superseder: Use of set_tunnel with default port results in incorrect post value in host header
resolution: duplicate
stage: resolved
2015-05-28 06:06:40ned.deilysetnosy: + serhiy.storchaka
2015-05-28 06:04:12atzmcreate