


Re: Python 2.7.9, 3.4.2 won't verify SSL cert for "verisign.com"

Date Tue, 17 Feb 2015 16:28:50 -0800
From John Nagle <nagle@animats.com>
Newsgroups comp.lang.python
Message-ID <mailman.18797.1424220117.18130.python-list@python.org>


On 2/17/2015 3:42 PM, Laura Creighton wrote:
> Possibly this bug?
> https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1014640
> 
> Laura

  Probably that bug in OpenSSL.  Some versions of OpenSSL are
known to be broken for cases where there are multiple valid certificate
trees.

  Python ships with its own copy of OpenSSL on Windows.  Tests
for "www.verisign.com"

Win7, x64:

   Python 2.7.9 with OpenSSL 1.0.1j 15 Oct 2014. FAIL
   Python 3.4.2 with OpenSSL 1.0.1i 6 Aug 2014.  FAIL
   openssl s_client -OpenSSL 1.0.1h 5 Jun 2014   FAIL

Ubuntu 14.04 LTS, using distro's versions of Python:

   Python 2.7.6 - test won't run, needs create_default_context
   Python 3.4.0 with OpenSSL 1.0.1f 6 Jan 2014.  FAIL
   openssl s_client  OpenSSL 1.0.1f 6 Jan 2014   PASS

   That's with the same cert file in all cases.
The OpenSSL version for Python programs comes from
ssl.OPENSSL_VERSION.

   The Linux situation has me puzzled.  On Linux,
Python is supposedly using the system version of OpenSSL.
The versions match.  Why do Python and the command line
client disagree?  Different options passed to OpenSSL
by Python?

   Here's the little test program:

http://www.animats.com/private/sslbug

   Please try that and let me know what happens on
other platforms.  Works with Python 2.7.9 or 3.x.

			John Nagle
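
Added example, not part of the post above and not the test program it links to: a Python 3.7+ probe that records which OpenSSL build the interpreter is linked against, where it looks for CA certificates, and the verify error OpenSSL reports, which are the facts needed to compare a Python result with an `openssl s_client` result on the same machine. The function names and the output format are assumptions made for this example.

```python
import socket
import ssl
import sys


def make_context(cafile=None):
    """Verifying client context; cafile=None means the platform trust store."""
    # create_default_context (2.7.9+ / 3.4+) enables CERT_REQUIRED and
    # hostname checking. With cafile set, only that file is trusted.
    return ssl.create_default_context(cafile=cafile)


def describe_tls_stack():
    """What this interpreter is linked against and where it looks for CAs."""
    paths = ssl.get_default_verify_paths()
    return {
        "python": "%d.%d.%d" % sys.version_info[:3],
        "openssl": ssl.OPENSSL_VERSION,
        "cafile": paths.cafile,
        "capath": paths.capath,
    }


def probe(host, port=443, cafile=None, timeout=10.0):
    """Return (verdict, detail): PASS, FAIL (chain rejected) or ERROR."""
    ctx = make_context(cafile)
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "PASS", tls.version()
    except ssl.SSLCertVerificationError as exc:
        # verify_code / verify_message are OpenSSL's own X509 verify result
        return "FAIL", "%s (%d)" % (exc.verify_message, exc.verify_code)
    except OSError as exc:  # refused, timeout, non-verification TLS errors
        return "ERROR", str(exc)


def report_line(verdict):
    """One row in the same shape as the results listed in the post."""
    info = describe_tls_stack()
    return "Python %s with OpenSSL %s  %s" % (
        info["python"], info["openssl"].replace("OpenSSL ", ""), verdict)


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "www.verisign.com"
    cafile = sys.argv[2] if len(sys.argv) > 2 else None
    verdict, detail = probe(host, cafile=cafile)
    print(report_line(verdict), "-", detail)
    print(describe_tls_stack())
```

Passing the same CA file as the second argument on every platform keeps the trust anchors identical, so any remaining difference in verdict comes from the OpenSSL build or the options in use.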



