classification
Title: misleading error message from ssl.get_server_certificate() when bad port
Type: behavior Stage:
Components: SSL Versions: Python 3.6
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: christian.heimes Nosy List: benjamin.peterson, cedricvanrompay, christian.heimes, ruluk
Priority: normal Keywords:

Created on 2018-12-05 21:24 by cedricvanrompay, last changed 2019-04-08 16:22 by ruluk.

Messages (3)
msg331171 - (view) Author: Cédric Van Rompay (cedricvanrompay) Date: 2018-12-05 21:24
When calling ssl.get_server_certificate() with a bad port number (I used 80 when I should have been using 443), the error raised is a bit misleading:

    >>> import ssl
    >>> ssl.get_server_certificate(('gitlab.com',80))
    [...]
    SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:847)

"SSL: wrong version number" seems to indicate that there is a mismatch between SSL versions supported by the client and the ones supported by the server. When here I guess the problem would better be described as "there is no SSL available at this address+port".
msg331205 - (view) Author: Benjamin Peterson (benjamin.peterson) * (Python committer) Date: 2018-12-06 05:42
Note this is just the error that OpenSSL produces. There isn't a whole Python can do to change it.
msg339656 - (view) Author: Ruluk (ruluk) Date: 2019-04-08 16:22
I would still validate the error somewhere, maybe before reaching the OpenSSL library, because that same error is also shown for other cases. E.g:

http_connection = HTTPSConnection("localhost")
http_connection.request("POST", my_url, my_body, my_headers)

The use of an HTTPS connection for localhost effectively produces the same "SSL: WRONG VERSION NUMBER" error.
History
Date User Action Args
2019-04-08 16:22:15ruluksetnosy: + ruluk
messages: + msg339656
2018-12-06 05:42:59benjamin.petersonsetnosy: + benjamin.peterson
messages: + msg331205
2018-12-05 21:24:32cedricvanrompaycreate