SSL validation fails on servers with SNI

[WhyNotHugo]

When more than one SSL/TLS domain is hosted on a same IPv4 host, SNI support is required. It is not unusual to host several domains on a single host.

Without SNI support, there are only two ways to host several domains on a single host:

• Purchase a large IPv4 block, and use one-per-domain (extremely expensive).
• Make sure all your clients have IPv6 (not all location where I roam have IPv6 connectivity).

In short, SSL/TSL support is mostly broken as-is.

[geier]

As far as I know, SNI is only supported by urllib3 on python3.2+, so there is no easy fix for this. Sorry if this makes pycarddav useless for you.

[WhyNotHugo]

Indeed. I'll close this issue; it's an upstream issue. I'll take my problem over to them. ;) I don't think nothing needs to be done here.

Also, as a side not, it doesn't make pycarddav useless for me; I'm SSH-port-forwaring into the server and using plain old HTTP though ssh. :)

[WhyNotHugo]

This has been fixed upstream (on python-requests). The latest git revision contains optional support for SNI. It's automatically enabled if the dependencies pyopenssl and ndg-httpsclient are installed.

I'm leaving this comment here informatively and for anyone else who comes across the same issue.