Skip to content

/ youtube-dl

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL hostname mismatch on Python <= 3.2.2 or <= 2.7.2 (was: certificate error on Blackberry 10 ,Python 3.2) #10370

Closed
canamcy opened this issue Aug 17, 2016 · 3 comments
Closed

SSL hostname mismatch on Python <= 3.2.2 or <= 2.7.2 (was: certificate error on Blackberry 10 ,Python 3.2) #10370

canamcy opened this issue Aug 17, 2016 · 3 comments

Comments

@canamcy
Copy link

@canamcy canamcy commented Aug 17, 2016

Please follow the guide below

  • You will be asked some questions and requested to provide some information, please read them carefully and answer honestly
  • Put an x into all the boxes [ ] relevant to your issue (like that [x])
  • Use Preview tab to see how your issue will actually look like

Make sure you are using the latest version: run youtube-dl --version and ensure your version is 2016.08.17. If it's not read this FAQ entry and update. Issues with outdated version will be rejected.

  • [x ] I've verified and I assure that I'm running youtube-dl 2016.08.17

Before submitting an issue make sure you have:

  • [ x] At least skimmed through README and most notably FAQ and BUGS sections
  • [ x] Searched the bugtracker for similar issues including closed ones

What is the purpose of your issue?

  • [ x] Bug report (encountered problems with youtube-dl)
  • Site support request (request for adding support for a new site)
  • Feature request (request for a new functionality)
  • Question
  • Other

The following sections concretize particular purposed issues, you can erase any section (the contents between triple ---) not applicable to your issue

If the purpose of this issue is a bug report, site support request or you are not completely sure provide the full verbose output as follows:

Add -v flag to your command line you run youtube-dl with, copy the whole output and insert it here. It should look similar to one below (replace it with your log inserted between triple ```):

[debug] System config: []

[debug] User config: []

[debug] Command-line args: ['-i', '--verbose', '--no-mtime', '--youtube-skip-dash-manifest', '-o', '/sdcard/yo0/M/yowb/TalkingMachines/4939128-generative-art-and-hamiltonian-monte-carlo.mp3', '--', 'https://audioboom.com/boos/4939128-generative-art-and-hamiltonian-monte-carlo?t=0']

[debug] Encodings: locale UTF-8, fs utf-8, out UTF-8, pref UTF-8

[debug] youtube-dl version 2016.08.17

[debug] Python version 3.2.2 - QNX-8.0.0-MSM8960_V3.2.1.1_NS_R092_Rev-14-armle-32bit

[debug] exe versions: none

[debug] Proxy map: {}
ERROR: hostname 'audioboom.com' doesn't match '*.audioboom.com'
Traceback (most recent call last):
  File ""./yo-AD/youtube_dl.py/youtube_dl/YoutubeDL.py"", line 691, in extract_info
    ie_result = ie.extract(url)
  File ""./yo-AD/youtube_dl.py/youtube_dl/extractor/common.py"", line 347, in extract
    return self._real_extract(url)
  File ""./yo-AD/youtube_dl.py/youtube_dl/extractor/audioboom.py"", line 27, in _real_extract
    webpage = self._download_webpage(url, video_id)
  File ""./yo-AD/youtube_dl.py/youtube_dl/extractor/common.py"", line 507, in _download_webpage
    res = self._download_webpage_handle(url_or_request, video_id, note, errnote, fatal, encoding=encoding, data=data, headers=headers, query=query)
  File ""./yo-AD/youtube_dl.py/youtube_dl/extractor/common.py"", line 414, in _download_webpage_handle
    urlh = self._request_webpage(url_or_request, video_id, note, errnote, fatal, data=data, headers=headers, query=query)
  File ""./yo-AD/youtube_dl.py/youtube_dl/extractor/common.py"", line 394, in _request_webpage
    return self._downloader.urlopen(url_or_request)
  File ""./yo-AD/youtube_dl.py/youtube_dl/YoutubeDL.py"", line 1996, in urlopen
    return self._opener.open(req, timeout=self._socket_timeout)
  File ""stage/armle-v7/usr/lib/python3.2/urllib/request.py"", line 369, in open
  File ""stage/armle-v7/usr/lib/python3.2/urllib/request.py"", line 387, in _open
  File ""stage/armle-v7/usr/lib/python3.2/urllib/request.py"", line 347, in _call_chain
  File ""./yo-AD/youtube_dl.py/youtube_dl/utils.py"", line 1004, in https_open
    req, **kwargs)
  File ""stage/armle-v7/usr/lib/python3.2/urllib/request.py"", line 1136, in do_open
  File ""stage/armle-v7/usr/lib/python3.2/http/client.py"", line 964, in request
  File ""stage/armle-v7/usr/lib/python3.2/http/client.py"", line 1002, in _send_request
  File ""stage/armle-v7/usr/lib/python3.2/http/client.py"", line 960, in endheaders
  File ""stage/armle-v7/usr/lib/python3.2/http/client.py"", line 805, in _send_output
  File ""stage/armle-v7/usr/lib/python3.2/http/client.py"", line 743, in send
  File ""stage/armle-v7/usr/lib/python3.2/http/client.py"", line 1108, in connect
  File ""stage/armle-v7/usr/lib/python3.2/ssl.py"", line 172, in match_hostname
ssl.CertificateError: hostname 'audioboom.com' doesn't match '*.audioboom.com

This was working on this system. 
This works on Windows 7 with Python 3.2.
@yan12125
Copy link
Collaborator

@yan12125 yan12125 commented Aug 17, 2016

audioboom.com should match *.audioboom.com. Python 3.2 is too old and broken in this case. Please upgrade your Python version.
@yan12125 yan12125 closed this Aug 17, 2016
@yan12125
Copy link
Collaborator

@yan12125 yan12125 commented Aug 17, 2016

Sorry, my previous argument is wrong - audioboom.com should not match *.audioboom.com. Instead, there are two items in subjectAltName (subject alternative name) of the server's SSL certificate. The hostname matches the second alternative name Python 3.2 should work for audioboom.com. On my PC Python 3.2.6 works fine. Could you run the following script?

import pprint
import socket
import ssl

host = 'audioboom.com'

context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context.verify_mode = ssl.CERT_REQUIRED
context.set_default_verify_paths()

sock = socket.create_connection((host, 443))
ssl_sock = context.wrap_socket(sock, server_hostname=host)
pprint.pprint(ssl_sock.getpeercert())

It should print:

{'OCSP': ('http://gp.symcd.com',),
 'caIssuers': ('http://gp.symcb.com/gp.crt',),
 'crlDistributionPoints': ('http://gp.symcb.com/gp.crl',),
 'issuer': ((('countryName', 'US'),),
            (('organizationName', 'GeoTrust Inc.'),),
            (('commonName', 'RapidSSL SHA256 CA'),)),
 'notAfter': 'Aug 13 23:59:59 2018 GMT',
 'notBefore': 'Jul 18 00:00:00 2016 GMT',
 'serialNumber': '723F3BBDCB7EF6347AD559E7C374A917',
 'subject': ((('commonName', '*.audioboom.com'),),),
 'subjectAltName': (('DNS', '*.audioboom.com'), ('DNS', 'audioboom.com')),
 'version': 3}

Note the subjectAltName line. There are two items. If there's only one, check your OpenSSL settings.
@yan12125 yan12125 reopened this Aug 17, 2016
@yan12125
Copy link
Collaborator

@yan12125 yan12125 commented Aug 17, 2016

OK I can reproduce this bug on Python 3.2.2. It's Python's bug, which is fixed in 3.2.3 and 2.7.3, please upgrade your Python version.

Reference: http://bugs.python.org/issue13034
@yan12125 yan12125 closed this Aug 17, 2016
@yan12125 yan12125 changed the title certificate error on Blackberry 10 ,Python 3.2 SSL hostname mismatch on Python <= 3.2.2 or <= 2.7.2 (was: certificate error on Blackberry 10 ,Python 3.2) Aug 17, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
@yan12125 @canamcy
You can’t perform that action at this time.