lirenke added the comment: In RFC6066, literal IPv4 is not allowed as hostname indeed. Actually, many requests still use the format of "IP+PORT" to access the server, and it seems Python don't prohibit this action explicitly. The explorer Chrome also use literal IP address to access for instance.
In our case, all requests will be forwarded by apacheproxy and there is another apache server that receiving them. The URL is like "https://128.6.42.21:8088/xx/";, and the SNI will be added by OpenSSL in TLS-handshake packet when new https connection create. In this time, "128.6.42.21:8088" is set to self._tunnel_host in set_tunnel(), then, the server_hostname, as SNI, is determined. The Server side's apache will check the SNI between handshake packet and local vHost configuration. So it is the place where mismatch happen. Error Code 400, Bad Request will return to client.<https://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI> Definitely, port number shouldn't be a part of SNI. Compare with Chrome do, we hope Python could handle the server_hostname precisely too. Calling self._get_hostport() again and setting the IP address to server_hostname without port number is our suggestion. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue26238> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
