SSLSocket.getpeercert() can return {} meaning the library did not
validate the SSL certificate. We can't do the match_hostname() tests
against this, so don't bother trying.
This addresses #472 which was failing on Ubuntu 14.04 because it does
not have a new-enough SSL library to validate the certificate.
... | ... |
@@ -84,9 +84,10 @@ class http_connection(object): |
84 | 84 |
cert = self.c.sock.getpeercert() |
85 | 85 |
try: |
86 | 86 |
ssl.match_hostname(cert, self.c.host) |
87 |
- |
|
88 | 87 |
except AttributeError: # old ssl module doesn't have this function |
89 | 88 |
return |
89 |
+ except ValueError: # empty SSL cert means underlying SSL library didn't validate it, we don't either. |
|
90 |
+ return |
|
90 | 91 |
except ssl.CertificateError, e: |
91 | 92 |
self.match_hostname_aws(cert, e) |
92 | 93 |
|
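Review bot: The added `except ValueError: return` makes the hostname check fail open: when `getpeercert()` returns `{}` the peer certificate was not validated, and this branch returns silently, so the connection proceeds with neither chain validation nor a hostname match. Catching `ValueError` is also a wider net than "empty certificate"; an explicit test before the `try`, such as `if not cert:`, states the condition directly. In that branch I would log a warning, or raise unless the user has explicitly disabled certificate checking, so the Ubuntu 14.04 workaround does not hide the loss of verification on other hosts. How the socket is wrapped (its `cert_reqs` setting) is not visible here and the enclosing method starts and ends outside the hunk, so whether an empty dict can occur when verification was requested needs confirming there.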