Message236506
| Author |
pitrou |
| Recipients |
demian.brecht, lac, nagle, pitrou |
| Date |
2015年02月24日.15:34:37 |
| SpamBayes Score |
-1.0 |
| Marked as misclassified |
Yes |
| Message-id |
<1424792078.32.0.241375249871.issue23476@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
> Python's SSL isn't using that. Python is taking in one big text file
> of SSL certs, with no link structure, and feeding it to OpenSSL.
Python's SSL is not "taking" anything:
>>> r = urlopen('https://www.verisign.com')
>>> r.read(10)
b' <!DOCTYPE'
It's only if you feed it that particular CA file that you get the issue:
>>> cafile = 'cacert.pem'
>>> r = urlopen('https://www.verisign.com', cafile=cafile)
[...]
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)>
You can *also* feed it a CA directory by using the "CApath" argument (*not* "CAfile").
Now it remains to be seen why "openssl s_client" works with the file nevertheless. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2015年02月24日 15:34:38 | pitrou | set | recipients:
+ pitrou, nagle, demian.brecht, lac |
| 2015年02月24日 15:34:38 | pitrou | set | messageid: <1424792078.32.0.241375249871.issue23476@psf.upfronthosting.co.za> |
| 2015年02月24日 15:34:38 | pitrou | link | issue23476 messages |
| 2015年02月24日 15:34:37 | pitrou | create |
|