Author dstufft
Recipients Dima.Tisnek, Dolf.Andringa, dstufft, exarkun, giampaolo.rodola, grooverdan, janssen, jcea, markk, mnot, ncoghlan, pdp, pitrou, sag47, scott.tsai
Date 2014-03-20.03:30:46
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1395286247.23.0.0132484742184.issue5639@psf.upfronthosting.co.za>
In-reply-to
Content
To be clear, to get SNI with requests on 2.x you need requests, pyopenssl, ndg-httpsclient, and pyasn1 (which also pulls in cryptography, six, cffi, and pycparser). So that's 8 dependencies to get SNI on Python 2.x.

At least it's doable but it's kind of really unfriendly :/ Also the error message you get when you need SNI and it's not available is basically the most obtuse thing ever. You get told that the SSL verification failed for <some other domain> that isn't what you asked for but when you go to it in your Browser it'll all work kosher with no indication it was using SNI.

It's generally a good idea to install those extra things anyways because the SSL lib on Python 2.7 has other actual security issues which those address (IIRC it still has TLS compression on, I think it's default cipher list is rather poor, doesn't support TLS 1.2, etc).
History
Date User Action Args
2014-03-20 03:30:47dstufftsetrecipients: + dstufft, jcea, exarkun, ncoghlan, janssen, pitrou, mnot, giampaolo.rodola, scott.tsai, pdp, grooverdan, Dolf.Andringa, Dima.Tisnek, markk, sag47
2014-03-20 03:30:47dstufftsetmessageid: <1395286247.23.0.0132484742184.issue5639@psf.upfronthosting.co.za>
2014-03-20 03:30:47dstufftlinkissue5639 messages
2014-03-20 03:30:46dstufftcreate