Urllib3: SubjectAltNameWarning

Created on 29 Mar 2018  路  2Comments  路  Source: urllib3/urllib3

1319

@SethMichaelLarson

Hi there, I'm seeing a similar issue to the one linked above. The solution in that issue was to upgrade pyOpenSSL, requests, and urllib3 to latest and retry, unfortunately, upgrading to latest hasn't helped me.

I'm running python 3.6 in this case.

python -m pip freeze yields:

address==0.1.1
amqp==1.4.6
anyjson==0.3.3
asn1crypto==0.24.0
astroid==1.4.4
autopep8==1.3.4
billiard==3.3.0.20
certifi==2018.1.18
cffi==1.5.2
chardet==3.0.4
click==6.7
colorama==0.3.7
cryptography==2.2.1
dj-static==0.0.6
Django==1.11.2
django-admin-views==0.7.0
django-bootstrap3==9.0.0
django-common-helpers==0.9.1
django-cron==0.5.0
django-enumfield==1.1.2
django-enumfields==0.8.2
django-extensions==1.7.4
django-floppyforms==1.7.1.dev1
django-ipware==1.1.6
django-localflavor==1.1
django-macros==0.4.0
django-periodically==0.3.0
django-pgfields==1.4.4
django-s3direct==0.4.2
django-user-agents==0.3.0
djangorestframework==3.4.7
djorm-pgarray==1.2
enum34==1.1.6
flake8==3.3.0
fleet==1.4.0
funcsigs==0.4
future==0.16.0
gnureadline==6.3.3
gunicorn==19.0.0
idna==2.1
ipaddress==1.0.16
ipdb==0.8
ipython==2.4.0
itsdangerous==0.24
Jinja2==2.7.2
kombu==3.0.26
lazy-object-proxy==1.2.1
Markdown==2.5.2
MarkupSafe==0.21
mccabe==0.6.1
mock==1.3.0
model-mommy==1.3.0
ndg-httpsclient==0.4.0
oauthlib==0.7.2
pbr==1.8.1
Pillow==2.7.0
probableparsing==0.0.1
psycopg2==2.6.2
pyasn1==0.1.9
pycodestyle==2.3.1
pycparser==2.14
pycrypto==2.6.1
pyflakes==1.5.0
PyJWT==0.3.1
pylint==1.5.4
pyOpenSSL==17.5.0
python-crfsuite==0.9.5
python-keyczar==0.716
python-openid==2.2.5
pytz==2017.2
PyYAML==3.11
raven==5.1.1
requests==2.18.1
requests-oauthlib==0.4.2
six==1.10.0
slackweb==1.0.5
static3==0.5.1
street-address==0.3.0
ua-parser==0.7.2
urllib3==1.22
usaddress==0.5.10
user-agents==1.0.1
Werkzeug==0.9.6
wrapt==1.10.6
xmltodict==0.10.2

Here is some sample code that reproduces the it:

import requests

def get_cert_path(extension):
    return '<path_to_cert>/<name_of_cert>.' + extension

response = requests.get(
    'https://<url>',
    verify=get_cert_path('pem'),
    cert=(
        get_cert_path('cert'),
        get_cert_path('key')
    )
)

print(response.status_code)

With all the cert paths and urls in place, I get:

/Users/<user>/.pyenv/versions/uplift/lib/python3.6/site-packages/urllib3/connection.py:344: SubjectAltNameWarning: Certificate for <url> has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
  SubjectAltNameWarning
200

Any advice you can offer would be much appreciated. Thanks! 馃槃

Most helpful comment

This isn't a bug. The server you're talking to doesn't provide that field in the certificate it's returning. #497 has all the details as well as when urllib3 will stop actually validating that certificate (given that most browsers no longer support it either).

Can you share the output of openssl s_client -connect host:port

All 2 comments

This isn't a bug. The server you're talking to doesn't provide that field in the certificate it's returning. #497 has all the details as well as when urllib3 will stop actually validating that certificate (given that most browsers no longer support it either).

Can you share the output of openssl s_client -connect host:port

Ah, you're exactly correct, it's not in there. We're good to close this; thanks for your prompt response!

Was this page helpful?
0 / 5 - 0 ratings