WebFaction
Community site: login faq

I started seeing warnings like:

/home/bcrandonneur/lib/python3.5/requests/packages/urllib3/util/ssl_.py:334: SNIMissingWarning:
An HTTPS request has been made, but the SNI (Subject Name Indication) 
extension to TLS is not available on this platform. This may cause the server to present an  
incorrect TLS certificate, which can cause validation failures. You can upgrade to a newer 
version of Python to solve this. For more information, 
see https://urllib3.readthedocs.io/en/latest/security.html#snimissingwarning.
  SNIMissingWarning

a couple of weeks ago. The first time was under Python 2.7 when I was trying to change an app to use Stormpath for auth. The warning is actually a fatal error in that case under 2.7.

Changing to Python 3.5 still raises the warning, but at least I can get the authentication I need to work.

It turns out that this is not just an issue for the Stormpath SDK. You can reproduce it by simply doing an update to pip in a venv:

$ python3.5 -m venv env
$ env/bin/pip install -U pip
/home/bcrandonneur/webapps/randopony_py3/env/lib/python3.5/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:315:
SNIMissingWarning: An HTTPS request has been made, but the SNI (Subject Name Indication) 
extension to TLS is not available on this platform. This may cause the server to present an 
incorrect TLS certificate, which can cause validation failures. For more information, 
see https://urllib3.readthedocs.org/en/latest/security.html#snimissingwarning.
  SNIMissingWarning

Reading the urllib3 docs link and other links from there leaves me with the impression that the root of the issue on webfaction is the OpenSSL library that Python is linked to. Does anyone know if that is the case, and if there are plans to fix that? Or am I mistaken and there is something else I am missing.

I know that I can ignore, or explicitly silence the warning, but I think that it is there for a reason...

asked 12 Dec '16, 01:26

dlatornell
323
accept rate: 0%


This issue is a side-effect of the CentOS 5 operating system your server uses, which is quite old and includes libraries that don't support SNI.

Upgrading to a newer operating system will solve this, and we highly recommend it. More information is available in our documentation here.

Hope that clarifies!

permanent link

answered 12 Dec '16, 02:59

ryans ♦♦
5.0k103860
accept rate: 43%

Thanks, that clarifies things completely. I'll start a discussion about migrating to a newer server with my co-admin.

permanent link

answered 14 Dec '16, 18:21

dlatornell
323
accept rate: 0%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×337
×1
×1

question asked: 12 Dec '16, 01:26

question was seen: 4,635 times

last updated: 14 Dec '16, 18:21

                              
WEBFACTION
REACH US
SUPPORT
LEGAL
© COPYRIGHT 2003-2020 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM