Issue #59 wontfix

host name mismatch in production mirrors

Jason R. Coombs avatarJason R. Coombs created an issue

In Setuptools #75, Pedro Algarvio reports a hostname mismatch when attempting to download setuptools using wget (via ez_install), but the SSL certificate doesn't match the hostname.

Is '*.a.ssl.fastly.net' something that's served by the PyPI hosts, or is that something that's being intercepted and served by some intermediary in his environment? If it's the former, then the certificate isn't suitable for hosting pypi.python.org content (securely).

Comments (2)

  1. Donald Stufft

    The certificate used by PyPI has a CN of .a.ssl.fastly.net and has a SAN of pypi.python.org (among others). In this case, looking at the original ticket, I'd assume that the wget on the system didn't support SAN certificates fell back to using the CN which the CN of .a.ssl.fastly.net doesn't match the name pypi.python.org and failed.

    There's nothing to be done except for people to not use ancient versions of things that don't support standard X.509 extensions. The only other options are a very expensive CDN option or removing the CDN all together.

  2. Log in to comment
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.