Take into account that certs are not issued to "localhost"

Use FQDN instead

diff --git a/src/web_interface.py b/src/web_interface.py
index a647a9c..011ac91 100644 (file)
--- a/src/web_interface.py
+++ b/src/web_interface.py
@@ -36,11 +36,15 @@ import re
 import ssl
 import http.client as client
 import urllib.parse as parse
+import socket
 import logging
 log = logging.getLogger('pyi2ncommon.web_interface')
 
 from .arnied_wrapper import accept_licence
 
+#: FQDN of local machine
+LOCALHOST = socket.gethostname()
+
 
 def find_in_form(regex, form="status", escape=False, check_certs=True):
     """
@@ -73,7 +77,9 @@ def web_page_request(method="GET", url="/", body=None, check_certs=True):
     implications!) by setting `check_certs` to `False`. To allow a secure
     connection to host with e.g. a self-signed certificate, the caller can
     load this certificate by specifying `check_certs=/path/to/cert.pem`.
-    (see also: :py:meth:`ssl.SSLContext.load_verify_locations`)
+    (see also: :py:meth:`ssl.SSLContext.load_verify_locations`). Note that the
+    certificate has to be issued for the same server name that we try to
+    access, i.e. :py:data:`LOCALHOST`.
 
     :param str method: GET or POST method for the request
     :param str url: url location within the remote host
@@ -96,7 +102,7 @@ def web_page_request(method="GET", url="/", body=None, check_certs=True):
     else:
         # disable certificate checks
         context = ssl._create_unverified_context()
-    conn = client.HTTPSConnection("localhost", context=context)
+    conn = client.HTTPSConnection(LOCALHOST, context=context)
     conn.request(method, url, body, headers)
     resp = conn.getresponse()
     logging.info("Request status %s and response %s",