Cannot lookup .kr domains

[jkellson]

Other domains work fine, but when I try to lookup .kr domain, I get:

Traceback (most recent call last):
  File "test.py", line 425, in whoisf
        results = obj.lookup_rdap(depth=1)
  File "/usr/local/lib/python2.7/dist-packages/ipwhois/ipwhois.py", line 340, in lookup_rdap
        field_list=nir_field_list, is_offline=False
  File "/usr/local/lib/python2.7/dist-packages/ipwhois/nir.py", line 573, in lookup
        form_data=form_data
  File "/usr/local/lib/python2.7/dist-packages/ipwhois/net.py", line 954, in get_http_raw
        raise HTTPLookupError('HTTP lookup failed for {0}.'.format(url))
HTTPLookupError: HTTP lookup failed for https://whois.kisa.or.kr/eng/whois.jsc.

Do you know, what might be the problem?

[secynic]

Do you have an IP that I can test? My tests for KRNIC are working ok.

[secynic]

@jkellson Any update on IPs you were having issues with?

[ghost]

@secynic You can reproduce this error on : 1.11.1.1

ssl.CertificateError: hostname '후이즈검색.한국' doesn't match either of 'whois.kisa.or.kr', 'whois.kr', 'whois.nic.or.kr', 'xn--c79as89aj0e29b77z.kr', 'xn--c79as89aj0e29b77z.xn--3e0b707e'

Full stacktrace : https://pastebin.com/Ud1xAgTh

[ghost]

Quick work arround : set a HTTPSHandler

import ssl
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
https_handler = request.HTTPSHandler(context=ctx)
opener = request.build_opener(https_handler)
obj = IPWhois(self.lock, proxy_opener=opener)

[wesinator]

@secynic To reproduce:

from ipwhois import IPWhois
obj = IPWhois('1.11.1.1')
results = obj.lookup_rdap(depth=1)

@noJ0y will that disable TLS on subsequent requests ?

[secynic]

@noJ0y Are you still having this issue? Can you try testing the dev branch? That is pointing to the xn domain now, due to #243

[DolleDries]

I have this error too.
ipwhois.exceptions.HTTPLookupError: HTTP lookup failed for https://whois.kisa.or.kr/eng/whois.jsc

Is it solved? Should I try the dev branch, Still on python2.7......

Weird.... I've changed line 111 in nir.py from
'url': 'https://whois.kisa.or.kr/eng/whois.jsc',
to
'url': 'https://xn--c79as89aj0e29b77z.xn--3e0b707e/eng/main.jsp',
and it works!

[secynic]

This is fixed in the dev branch, please let me know if you still have issues

[toomuchio]

@secynic

Still happening on the latest git version

ssl.CertificateError: hostname '후이즈검색.한국' doesn't match either of 'whois.kisa.or.kr', 'xn--c79as89aj0e29b77z.xn--3e0b707e', 'whois.kr', 'xn--c79as89aj0e29b77z.kr', 'whois.nic.or.kr'

[eureka386]

I got same error, too. But I met 2 deferent cases in the same ipwhois version. First, It was OK on my laptop, but same error occurred on an old system. It looks like the openssl/python ssl library version issues.

[secynic]

This is starting to annoy me. They keep adding DNS entries.

Browsing to https://whois.kisa.or.kr redirected me to https://후이즈검색.한국/

I should add that this new entry is not listed in their cert Subject Alternate Names. Will need to figure out how to deal with this without compromising cert checks.

[secynic]

@toomuchio @eureka386 Can you tell me what Python and openssl versions you got this error on? I am not able to replicate the error in my tests.

[eureka386]

The troubled version is 3.6.

As I told you, I'm not sure but It looks like the native urllib.request library issue.
(hmm...might be not openssl issues, sorry)
Because it works fine using the Requests library(3rd party) on that(old) server.
(I have no idea what library use in the requests library, but it works well)

// python3.6

import requests
requests.get('https://xn--c79as89aj0e29b77z.xn--3e0b707e/')
<Response [200]> <=== no error.

import urllib.request
local_filename, headers = urllib.request.urlretrieve('https://xn--c79as89aj0e29b77z.xn--3e0b707e/')
Traceback (most recent call last):
File "", line 1, in
File "/usr/lib/python3.6/urllib/request.py", line 248, in urlretrieve

....

ssl.CertificateError: hostname '후이즈검색.한국' doesn't match either of 'whois.kisa.or.kr', 'xn--c79as89aj0e29b77z.xn--3e0b707e', 'whois.kr', 'xn--c79as89aj0e29b77z.kr', 'whois.nic.or.kr' <= ssl errors

[secynic]

So it looks like Python 3.7 and later use openssl for hostname checks and cert validation. Requests uses urllib3 which implements its own hostname checks. I am trying to figure out how to get this working for <3.7 without adding a dependency for Requests.

[ewongbb]

fwiw.. the change as mentioned in #207 (comment) worked around this issue. though I suspect it's a temp thing.

[illes]

@secynic is correct, the root cause Python bug #28414 is present in Python 2.7, 3.6, 3.7, but fixed only in Python 3.7+

[cyberszary]

I have similar problem with ipwhois. I get a error:

ipwhois.exceptions.HTTPLookupError: HTTP lookup failed for http://rdap.db.ripe.net/ip/94.231.107.241.

I have Python 3.9.2