search

ytdl-org / youtube-dl

Command-line program to download videos from YouTube.com and other video sites
http://ytdl-org.github.io/youtube-dl/
The Unlicense
132.71k stars 10.07k forks source link

SSL hostname mismatch on Python <= 3.2.2 or <= 2.7.2 (was: certificate error on Blackberry 10 ,Python 3.2) #10370

Closed canamcy closed 8 years ago

canamcy commented 8 years ago

Please follow the guide below

Make sure you are using the latest version: run youtube-dl --version and ensure your version is 2016.08.17. If it's not read this FAQ entry and update. Issues with outdated version will be rejected.

The following sections concretize particular purposed issues, you can erase any section (the contents between triple ---) not applicable to your issue

If the purpose of this issue is a bug report, site support request or you are not completely sure provide the full verbose output as follows:

Add -v flag to your command line you run youtube-dl with, copy the whole output and insert it here. It should look similar to one below (replace it with your log inserted between triple ```):

[debug] System config: []

[debug] User config: []

[debug] Command-line args: ['-i', '--verbose', '--no-mtime', '--youtube-skip-dash-manifest', '-o', '/sdcard/yo0/M/yowb/TalkingMachines/4939128-generative-art-and-hamiltonian-monte-carlo.mp3', '--', 'https://audioboom.com/boos/4939128-generative-art-and-hamiltonian-monte-carlo?t=0']

[debug] Encodings: locale UTF-8, fs utf-8, out UTF-8, pref UTF-8

[debug] youtube-dl version 2016.08.17

[debug] Python version 3.2.2 - QNX-8.0.0-MSM8960_V3.2.1.1_NS_R092_Rev-14-armle-32bit

[debug] exe versions: none

[debug] Proxy map: {}
ERROR: hostname 'audioboom.com' doesn't match '*.audioboom.com'
Traceback (most recent call last):
  File ""./yo-AD/youtube_dl.py/youtube_dl/YoutubeDL.py"", line 691, in extract_info
    ie_result = ie.extract(url)
  File ""./yo-AD/youtube_dl.py/youtube_dl/extractor/common.py"", line 347, in extract
    return self._real_extract(url)
  File ""./yo-AD/youtube_dl.py/youtube_dl/extractor/audioboom.py"", line 27, in _real_extract
    webpage = self._download_webpage(url, video_id)
  File ""./yo-AD/youtube_dl.py/youtube_dl/extractor/common.py"", line 507, in _download_webpage
    res = self._download_webpage_handle(url_or_request, video_id, note, errnote, fatal, encoding=encoding, data=data, headers=headers, query=query)
  File ""./yo-AD/youtube_dl.py/youtube_dl/extractor/common.py"", line 414, in _download_webpage_handle
    urlh = self._request_webpage(url_or_request, video_id, note, errnote, fatal, data=data, headers=headers, query=query)
  File ""./yo-AD/youtube_dl.py/youtube_dl/extractor/common.py"", line 394, in _request_webpage
    return self._downloader.urlopen(url_or_request)
  File ""./yo-AD/youtube_dl.py/youtube_dl/YoutubeDL.py"", line 1996, in urlopen
    return self._opener.open(req, timeout=self._socket_timeout)
  File ""stage/armle-v7/usr/lib/python3.2/urllib/request.py"", line 369, in open
  File ""stage/armle-v7/usr/lib/python3.2/urllib/request.py"", line 387, in _open
  File ""stage/armle-v7/usr/lib/python3.2/urllib/request.py"", line 347, in _call_chain
  File ""./yo-AD/youtube_dl.py/youtube_dl/utils.py"", line 1004, in https_open
    req, **kwargs)
  File ""stage/armle-v7/usr/lib/python3.2/urllib/request.py"", line 1136, in do_open
  File ""stage/armle-v7/usr/lib/python3.2/http/client.py"", line 964, in request
  File ""stage/armle-v7/usr/lib/python3.2/http/client.py"", line 1002, in _send_request
  File ""stage/armle-v7/usr/lib/python3.2/http/client.py"", line 960, in endheaders
  File ""stage/armle-v7/usr/lib/python3.2/http/client.py"", line 805, in _send_output
  File ""stage/armle-v7/usr/lib/python3.2/http/client.py"", line 743, in send
  File ""stage/armle-v7/usr/lib/python3.2/http/client.py"", line 1108, in connect
  File ""stage/armle-v7/usr/lib/python3.2/ssl.py"", line 172, in match_hostname
ssl.CertificateError: hostname 'audioboom.com' doesn't match '*.audioboom.com

This was working on this system. 
This works on Windows 7 with Python 3.2.
yan12125 commented 8 years ago

audioboom.com should match *.audioboom.com. Python 3.2 is too old and broken in this case. Please upgrade your Python version.

yan12125 commented 8 years ago

Sorry, my previous argument is wrong - audioboom.com should not match *.audioboom.com. Instead, there are two items in subjectAltName (subject alternative name) of the server's SSL certificate. The hostname matches the second alternative name Python 3.2 should work for audioboom.com. On my PC Python 3.2.6 works fine. Could you run the following script?

import pprint
import socket
import ssl

host = 'audioboom.com'

context = ssl.SSLContext(ssl.PROTOCOL_TLSv1)
context.verify_mode = ssl.CERT_REQUIRED
context.set_default_verify_paths()

sock = socket.create_connection((host, 443))
ssl_sock = context.wrap_socket(sock, server_hostname=host)
pprint.pprint(ssl_sock.getpeercert())

It should print:

{'OCSP': ('http://gp.symcd.com',),
 'caIssuers': ('http://gp.symcb.com/gp.crt',),
 'crlDistributionPoints': ('http://gp.symcb.com/gp.crl',),
 'issuer': ((('countryName', 'US'),),
            (('organizationName', 'GeoTrust Inc.'),),
            (('commonName', 'RapidSSL SHA256 CA'),)),
 'notAfter': 'Aug 13 23:59:59 2018 GMT',
 'notBefore': 'Jul 18 00:00:00 2016 GMT',
 'serialNumber': '723F3BBDCB7EF6347AD559E7C374A917',
 'subject': ((('commonName', '*.audioboom.com'),),),
 'subjectAltName': (('DNS', '*.audioboom.com'), ('DNS', 'audioboom.com')),
 'version': 3}

Note the subjectAltName line. There are two items. If there's only one, check your OpenSSL settings.

yan12125 commented 8 years ago

OK I can reproduce this bug on Python 3.2.2. It's Python's bug, which is fixed in 3.2.3 and 2.7.3, please upgrade your Python version.

Reference: http://bugs.python.org/issue13034