[New-bugs-announce] [issue27970] ssl: can't verify a trusted site with incomplete certificate chain
lilydjwg
report at bugs.python.org
Tue Sep 6 04:52:17 EDT 2016
New submission from lilydjwg:
This fails:
Python 3.5.2 (default, Jun 28 2016, 08:46:01)
[GCC 6.1.1 20160602] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> import socket
>>> s = socket.socket()
>>> c = ssl.create_default_context(cafile='COMODORSADomainValidationSecureServerCA.crt')
>>> s = c.wrap_socket(s, server_hostname='miaosss.top')
>>> s.connect(('miaosss.top', 443))
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.5/ssl.py", line 1019, in connect
    self._real_connect(addr, False)
  File "/usr/lib/python3.5/ssl.py", line 1010, in _real_connect
    self.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 988, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 633, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)
But openssl can succeed:
openssl s_client -connect miaosss.top:443 -CAfile COMODORSADomainValidationSecureServerCA.crt -servername miaosss.top
ends with "Verify return code: 0 (ok)"
Firefox and SSLlabs (https://www.ssllabs.com/ssltest/analyze.html?d=miaosss.top) both show it's trusted.
----------
messages: 274542
nosy: lilydjwg
priority: normal
severity: normal
status: open
title: ssl: can't verify a trusted site with incomplete certificate chain
type: behavior
versions: Python 3.5
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue27970>
_______________________________________