
classification
Title: misleading error message from ssl.get_server_certificate() when bad port
Type: behavior
Stage: resolved
Components: SSL
Versions: Python 3.6

process
Status: closed
Resolution: wont fix
Assigned To: christian.heimes
Nosy List: benjamin.peterson, cedricvanrompay, christian.heimes, ruluk
Priority: normal

Created on 2018-12-05 21:24 by cedricvanrompay, last changed 2022-04-11 14:59 by admin. This issue is now closed.

Messages (4)
msg331171 - Author: Cédric Van Rompay (cedricvanrompay) Date: 2018-12-05 21:24
When calling ssl.get_server_certificate() with a bad port number (I used 80 when I should have been using 443), the error raised is a bit misleading:

    >>> import ssl
    >>> ssl.get_server_certificate(('gitlab.com',80))
    [...]
    SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:847)

"SSL: wrong version number" seems to indicate that there is a mismatch between the SSL versions supported by the client and the ones supported by the server, when here I guess the problem would be better described as "there is no SSL available at this address+port".

msg331205 - Author: Benjamin Peterson (benjamin.peterson) (Python committer) Date: 2018-12-06 05:42
Note this is just the error that OpenSSL produces. There isn't a whole lot Python can do to change it.

msg339656 - Author: Ruluk (ruluk) Date: 2019-04-08 16:22
I would still validate the error somewhere, maybe before reaching the OpenSSL library, because that same error is also shown for other cases. E.g.:

    from http.client import HTTPSConnection

    http_connection = HTTPSConnection("localhost")
    http_connection.request("POST", my_url, my_body, my_headers)

The use of an HTTPS connection for localhost effectively produces the same "SSL: WRONG VERSION NUMBER" error.

msg391398 - Author: Christian Heimes (christian.heimes) (Python committer) Date: 2021-04-19 19:59
There is no easy fix for that. The TLS handshake is performed by OpenSSL internally. You could open a feature request with OpenSSL and ask them to implement better error detection and reporting.
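
An added example, not code from this thread or from CPython: one way a caller can turn the WRONG_VERSION_NUMBER error discussed above into a clearer diagnosis, by reading the peer's first reply bytes as a TLS record header. The names `record_header`, `classify_first_bytes`, `probe_plaintext` and `get_server_certificate_checked` are hypothetical helpers, and the plain HTTP HEAD probe is an assumption about how to elicit a reply from the port.

```python
import socket
import ssl

TLS_CONTENT_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, application_data

def record_header(data: bytes):
    """Read the first 5 bytes as a TLS record header: (type, (major, minor), length)."""
    if len(data) < 5:
        return None
    return data[0], (data[1], data[2]), int.from_bytes(data[3:5], "big")

def classify_first_bytes(data: bytes) -> str:
    """Say what the peer's first reply looks like to a TLS client."""
    hdr = record_header(data)
    if hdr is None:
        return "no-reply"
    ctype, (major, minor), length = hdr
    if ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4 and length <= 2**14 + 2048:
        return "tls"
    # b"HTTP/" parses as type 0x48 with record version 0x54.0x54, not 3.x.
    return "plaintext-http" if data.startswith(b"HTTP/") else "not-tls"

def probe_plaintext(host: str, port: int, timeout: float = 5.0) -> str:
    """Hypothetical helper: send a plain HTTP HEAD and classify the first reply bytes."""
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"HEAD / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
        try:
            while len(data) < 5:
                chunk = sock.recv(5 - len(data))
                if not chunk:
                    break
                data += chunk
        except OSError:  # timeout or reset: treat as no usable reply
            pass
    return classify_first_bytes(data)

def get_server_certificate_checked(addr):
    """Hypothetical wrapper: ssl.get_server_certificate() with a clearer error."""
    try:
        return ssl.get_server_certificate(addr)
    except ssl.SSLError as exc:
        if exc.reason != "WRONG_VERSION_NUMBER":
            raise
        kind = probe_plaintext(*addr)
        raise ConnectionError(
            f"{addr[0]}:{addr[1]} did not answer with a TLS record "
            f"(peer looks like: {kind}); is this the TLS port?") from exc
```
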

History
Date | User | Action | Args
2022-04-11 14:59:08 | admin | set | github: 79603
2021-04-19 19:59:09 | christian.heimes | set | status: open -> closed; resolution: wont fix; messages: + msg391398; stage: resolved
2019-04-08 16:22:15 | ruluk | set | nosy: + ruluk; messages: + msg339656
2018-12-06 05:42:59 | benjamin.peterson | set | nosy: + benjamin.peterson; messages: + msg331205
2018-12-05 21:24:32 | cedricvanrompay | create |