Jump to solution
Verify

Requests Getting http://.example.com raises UnicodeError (Fix)

Fixed
Spec
Package
Requests
Fixed In
2.27.0
Verdict
Status
Fixed
Safe for prod
No
Risk
Medium
Last verified
2026-02-09
Own content ratio
0.49
#5367 ai tls Updated: 2026-02-13
Issue #5367

The Fix

pip install requests==2.27.0

Based on closed psf/requests issue #5367 · PR/commit linked

Production note: Most teams hit this during upgrades or environment changes. Roll out with a canary and smoke critical endpoints (health, OpenAPI/docs) before 100%.

Jump to Verify Open PR/Commit
@@ -403,7 +403,7 @@ def prepare_url(self, url, params): except UnicodeError: raise InvalidURL('URL has an invalid label.') - elif host.startswith(u'*'): + elif host.startswith((u'*', u'.')): raise InvalidURL('URL has an invalid label.')
repro.py
{ "chardet": { "version": "3.0.4" }, "cryptography": { "version": "2.8" }, "idna": { "version": "2.8" }, "implementation": { "name": "CPython", "version": "3.8.0" }, "platform": { "release": "5.3.0-40-generic", "system": "Linux" }, "pyOpenSSL": { "openssl_version": "1010104f", "version": "19.1.0" }, "requests": { "version": "2.23.0" }, "system_ssl": { "version": "1010103f" }, "urllib3": { "version": "1.25.8" }, "using_pyopenssl": true }
verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.
fix.md
Option A — Upgrade to fixed release\npip install requests==2.27.0\nWhen NOT to use: Do not use if it changes public behavior or if the failure cannot be reproduced.\n\n

Why This Fix Works in Production

  • Trigger: Getting http://.example.com raises UnicodeError
  • Mechanism: Raises an InvalidUrl exception if the host starts with a '.' character, addressing the UnicodeError issue when accessing certain URLs.
  • Why the fix works: Raises an InvalidUrl exception if the host starts with a '.' character, addressing the UnicodeError issue when accessing certain URLs. (first fixed release: 2.27.0).
Production impact:
  • If left unfixed, the same config can fail only in production (env differences), causing startup failures or partial feature outages.

Why This Breaks in Prod

  • Surfaces as: Getting http://.example.com raises UnicodeError

Proof / Evidence

  • GitHub issue: #5367
  • Fix PR: https://github.com/psf/requests/pull/5414
  • First fixed release: 2.27.0
  • Reproduced locally: No (not executed)
  • Last verified: 2026-02-09
  • Confidence: 0.85
  • Did this fix it?: Yes (upstream fix exists)
  • Own content ratio: 0.49

Discussion

High-signal excerpts from the issue thread (symptoms, repros, edge-cases).

Jump to Sources Open on GitHub
“Attempting to get e.g. http://.example.com results in a UnicodeError. It seems like the intention so far has been to raise InvalidUrl instead (see e.g. this line). I see there was some hesitation in fixing a similar issue (#4168) and would”
Issue thread · issue description · source

Failure Signature (Search String)

  • Getting http://.example.com raises UnicodeError

Error Message

Stack trace
error.txt
Error Message ------------- Getting http://.example.com raises UnicodeError

Minimal Reproduction

repro.py
{ "chardet": { "version": "3.0.4" }, "cryptography": { "version": "2.8" }, "idna": { "version": "2.8" }, "implementation": { "name": "CPython", "version": "3.8.0" }, "platform": { "release": "5.3.0-40-generic", "system": "Linux" }, "pyOpenSSL": { "openssl_version": "1010104f", "version": "19.1.0" }, "requests": { "version": "2.23.0" }, "system_ssl": { "version": "1010103f" }, "urllib3": { "version": "1.25.8" }, "using_pyopenssl": true }

Fix Options (Details)

Option A — Upgrade to fixed release Safe default (recommended)

pip install requests==2.27.0

When NOT to use: Do not use if it changes public behavior or if the failure cannot be reproduced.

Use when you can deploy the upstream fix. It is usually lower-risk than long-lived workarounds.

Fix reference: https://github.com/psf/requests/pull/5414

First fixed release: 2.27.0

Last verified: 2026-02-09. Validate in your environment.

Get updates

We publish verified fixes weekly. No spam.

Subscribe

When NOT to Use This Fix

  • Do not use if it changes public behavior or if the failure cannot be reproduced.

Verify Fix

verify
Re-run the minimal reproduction on your broken version, then apply the fix and re-run.

Did This Fix Work in Your Case?

Quick signal helps us prioritize which fixes to verify and improve.

Prevention

  • Add a TLS smoke test that performs a real handshake in CI (include CA bundle validation and hostname checks).
  • Alert on handshake failures by error string and endpoint to catch cert/CA changes quickly.

Version Compatibility Table

VersionStatus
2.27.0 Fixed

Related Issues

No related fixes found.

Cluster: requests:configuration-error Requests hub Requests best practices All hubs All clusters
Related clusters: Data consistency SSL handshake Other

Sources

We don’t republish the full GitHub discussion text. Use the links above for context.

Source & Disclaimer: Analysis derived from GitHub Issue #5367. Not affiliated with the library maintainers. Verify before production use.