Why request with ssl certification returns html?

Question

i got a question

I'm trying to post some data to a webserver and get response. Webserver has SSL certificate verification, so i provide file for it. In the response i should receive xml file, but i receive some html.

My small script look like this:

import requests, sys, os

program_directory=sys.path[0]
verify = os.path.join(program_directory, "test.pem")
data='some data'

print requests.post('https://somewebsite', data=data, verify=verify).text

That's what i got before html:

C:\Python27\lib\site-packages\requests\packages\urllib3\connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.) SecurityWarning

If i use verify=False and don't provide file it works fine and returns proper data. What maybe a problem and why do i receive this warning and html?

Answer 1

Quoting GrahamDumpleton:

This is because in older Python versions the _ssl module does not return 'subjectAltName' in the set of fields in the SSL certificate. That the field isn't returned even if present means that even if the SSL certificate is valid, the check will fail and the warning logged.

To eliminate the warnings you can disable urllib3 warnings globally.

The requests module contains a bundled version of urllib3, and you will most likely need to use:

import requests
requests.packages.urllib3.disable_warnings()

If you want to ignore only that specific warning, you can use:

from requests.packages.urllib3.exceptions import SubjectAltNameWarning
requests.packages.urllib3.disable_warnings(SubjectAltNameWarning)

Answer 2

Your self signed certificate doesn't contain subjectAltName.

Use:

openssl req -new -x509 -key myselfsigned.key -out myselfsigned.cer -days 365 -subj /CN=www.mysite.com

to generate the certificates.