Reported by rpodoly..., Apr 23, 2013

What steps will reproduce the problem?
1. Make a request to an HTTPS server with a domain name not matching one that is specified in the corresponding SSL certificate.
2. Repeat the request once again.

Expected behavior: both requests fail with CertificateHostnameMismatch error.
Actual behavior: the first request fails with CertificateHostnameMismatch, but the second one succeeds.

The problem is caused by incorrect error handling in connect() method of HTTPSConnectionWithTimeout class. The created socket is closed in case of a general SSL error, but it's not closed in case of CertificateHostnameMismatchError (as ssl module doesn't provide hostname checking and it's done by httplib2 code). So when the second request is performed, connect() is not called, because the connection has already been created, and certificate hostname mismatch is not checked.

Tested versions: the last commit of the default branch in hg repo; 0.7.2, 0.8.

External References:
http://code.google.com/p/httplib2/issues/detail?id=282
https://bugs.launchpad.net/httplib2/+bug/1175272
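The reuse behaviour described in the report above, as an added example that is not httplib2's code and not part of the original report: a simplified model that uses a stand-in socket class and no network I/O. All class names, function names and hostnames are constructed for illustration; `close_on_mismatch=True` models closing the socket on a hostname mismatch, which is assumed here as the corrected handling.

```python
class CertificateHostnameMismatch(Exception):
    """Raised when the certificate name does not match the requested host."""


class FakeTLSSocket:
    """Constructed stand-in for an ssl-wrapped socket (no network I/O)."""

    def __init__(self, cert_host):
        self.cert_host = cert_host  # name in the peer certificate
        self.closed = False

    def close(self):
        self.closed = True


class ModelConnection:
    """Hypothetical model of a cached HTTPS connection that checks the
    hostname itself, after the TLS handshake has already completed."""

    def __init__(self, host, cert_host, close_on_mismatch):
        self.host, self.cert_host = host, cert_host
        self.close_on_mismatch = close_on_mismatch
        self.sock = None

    def connect(self):
        self.sock = FakeTLSSocket(self.cert_host)  # handshake "succeeds"
        if self.sock.cert_host != self.host:
            if self.close_on_mismatch:
                # Assumed corrected handling: drop the unverified socket.
                self.sock.close()
                self.sock = None
            raise CertificateHostnameMismatch(self.host)

    def request(self):
        if self.sock is None:  # connect() runs only when no socket is held
            self.connect()
        return "sent over socket with cert for " + self.sock.cert_host


def two_requests(close_on_mismatch):
    """Issue the same request twice and record what happens each time."""
    conn = ModelConnection("intended.example", "other.example", close_on_mismatch)
    results = []
    for _ in range(2):
        try:
            conn.request()
            results.append("sent")
        except CertificateHostnameMismatch:
            results.append("mismatch")
    return results
```

A regression test for this class of bug needs to issue the mismatching request at least twice on the same connection object, since a single request passes in both variants.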
Created python-httplib2 tracking bugs for this issue Affects: fedora-all [bug 958640]
Created python-httplib2 tracking bugs for this issue Affects: epel-all [bug 958642]
Created python26-httplib2 tracking bugs for this issue Affects: epel-5 [bug 958643]
Statement: This issue affects the versions of python-httplib2 as shipped with Red Hat Update Infrastructure 2.1. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
python-httplib2-0.9-6.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.