This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

classification
Title: test_algorithms() of test_ssl fails: certificate of sha256.tbs-internet.com changed
Type: behavior Stage: resolved
Components: Tests Versions: Python 3.2, Python 3.3, Python 2.7
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: pitrou, python-dev, vstinner
Priority: normal Keywords:

Created on 2012-04-16 00:49 by vstinner, last changed 2022-04-11 14:57 by admin. This issue is now closed.

Messages (5)
msg158386 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2012-04-16 00:49 
http://www.python.org/dev/buildbot/all/builders/AMD64%20Gentoo%20Wide%203.x/builds/3677/steps/test/logs/stdio
======================================================================
ERROR: test_algorithms (test.test_ssl.NetworkedTests)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/home/buildbot/buildarea/3.x.ochtman-gentoo-amd64/build/Lib/test/test_ssl.py", line 841, in test_algorithms
    s.connect(remote)
  File "/home/buildbot/buildarea/3.x.ochtman-gentoo-amd64/build/Lib/ssl.py", line 543, in connect
    self._real_connect(addr, False)
  File "/home/buildbot/buildarea/3.x.ochtman-gentoo-amd64/build/Lib/ssl.py", line 533, in _real_connect
    self.do_handshake()
  File "/home/buildbot/buildarea/3.x.ochtman-gentoo-amd64/build/Lib/ssl.py", line 513, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [Errno 1] _ssl.c:435: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed

----------------------------------------------------------------------

It looks like https://sha256.tbs-internet.com/ certificate changed: the serial number of the current certificate is 00:AA:55:98:78:20:F6:77:C2:A1:D0:15:C1:C3:F8:B2:2C.

The serial number of Lib/test/sha256.pem is c9:9a:83:ec:a0:48:07:71:66:c6:f2:cd:88:e1:b9:6d (try "openssl x509 -in Lib/test/sha256.pem  -text -noout" command).

I don't know how to download the new certificate.
msg158392 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2012-04-16 01:38 
New changeset f323b37ef6c1 by Antoine Pitrou in branch '3.2':
Issue #14589: Update certificate chain for sha256.tbs-internet.com, fixing a test failure in test_ssl.
http://hg.python.org/cpython/rev/f323b37ef6c1

New changeset 34f09c654a5b by Antoine Pitrou in branch 'default':
Issue #14589: Update certificate chain for sha256.tbs-internet.com, fixing a test failure in test_ssl.
http://hg.python.org/cpython/rev/34f09c654a5b
msg158393 - (view) Author: Roundup Robot (python-dev) (Python triager) Date: 2012-04-16 01:40 
New changeset 33bc53e0aa9e by Antoine Pitrou in branch '2.7':
Issue #14589: Update certificate chain for sha256.tbs-internet.com, fixing a test failure in test_ssl.
http://hg.python.org/cpython/rev/33bc53e0aa9e
msg158394 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2012-04-16 01:42 
Fixed!
Note: to get the new certificate chain, I just did:

$ openssl s_client -connect sha256.tbs-internet.com:443 -showcerts

:)
msg158396 - (view) Author: STINNER Victor (vstinner) * (Python committer) Date: 2012-04-16 01:48 
Thanks.
History
Date User Action Args
2022-04-11 14:57:29adminsetgithub: 58794
2012-04-16 01:48:03vstinnersetmessages: + msg158396
2012-04-16 01:42:30pitrousetstatus: open -> closed
type: behavior
messages: + msg158394

components: + Tests
resolution: fixed
stage: resolved
2012-04-16 01:40:32python-devsetmessages: + msg158393
2012-04-16 01:38:37python-devsetnosy: + python-dev
messages: + msg158392
2012-04-16 00:49:51vstinnercreate