Issue #59 wontfix

host name mismatch in production mirrors

Jason R. Coombs
created an issue

In Setuptools #75, Pedro Algarvio reports a hostname mismatch when attempting to download setuptools using wget (via ez_install), but the SSL certificate doesn't match the hostname.

Is '*' something that's served by the PyPI hosts, or is that something that's being intercepted and served by some intermediary in his environment? If it's the former, then the certificate isn't suitable for hosting content (securely).

Comments (2)

  1. Donald Stufft

    The certificate used by PyPI has a CN of and has a SAN of (among others). In this case, looking at the original ticket, I'd assume that the wget on the system didn't support SAN certificates and fell back to using the CN which the CN of doesn't match the name and failed.

    There's nothing to be done except for people to not use ancient versions of things that don't support standard X.509 extensions. The only other options are a very expensive CDN option or removing the CDN altogether.
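
The CN-versus-SAN behaviour described in the comment above, as an added example that is not part of the original thread or of any project's code. The host names and the certificate are constructed, and the dict uses the shape returned by Python's `ssl.getpeercert()`.

```python
# Added example: SAN-aware vs CN-only hostname checks (all names are constructed).

def _match(pattern, host):
    """Match one DNS name; '*' may only be the entire left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in p:
        return p == h
    head, _, tail = p.partition(".")
    first, _, rest = h.partition(".")
    # The wildcard covers exactly one non-empty label, never a bare TLD.
    return head == "*" and "." in tail and first != "" and rest == tail


def _common_names(cert):
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def san_aware_check(cert, host):
    """Current behaviour: if any dNSName SAN exists, the CN is ignored."""
    dns = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    names = dns if dns else _common_names(cert)
    return any(_match(n, host) for n in names)


def cn_only_check(cert, host):
    """Legacy behaviour from the comment: the SAN extension is never read."""
    return any(_match(n, host) for n in _common_names(cert))


# Constructed certificate: the CN names the CDN edge, and the host the
# client actually asked for appears only as a SAN entry.
CERT = {
    "subject": ((("commonName", "edge.cdn.example.net"),),),
    "subjectAltName": (("DNS", "edge.cdn.example.net"),
                       ("DNS", "packages.example.org"),
                       ("DNS", "*.mirror.example.org")),
}

if __name__ == "__main__":
    for host in ("packages.example.org", "a.mirror.example.org", "other.example.com"):
        print(host, "san-aware:", san_aware_check(CERT, host),
              "cn-only:", cn_only_check(CERT, host))
```

A client doing the CN-only check rejects a certificate that a SAN-aware client accepts, which is the mismatch reported in the ticket.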
