classification
Title: ssl socket with certificate verification fails on SHA256 digest algorithm
Type: behavior Stage: resolved
Components: Library (Lib) Versions: Python 3.1, Python 3.2, Python 2.7, Python 2.6
process
Status: closed Resolution: fixed
Dependencies: Superseder:
Assigned To: Nosy List: beda, giampaolo.rodola, gregory.p.smith, janssen, loewis, pitrou, rpetrov
Priority: normal Keywords: patch

Created on 2010-04-21 11:56 by beda, last changed 2010-04-22 22:13 by pitrou. This issue is now closed.

Files
File name Uploaded Description Edit
ssl_check.py beda, 2010-04-21 11:56 Sample script demonstrating this error
chain.pem beda, 2010-04-21 11:57 The necessary keychain - should be placed besides the script
algos.patch pitrou, 2010-04-21 15:12
Messages (10)
msg103823 - (view) Author: Beda Kosata (beda) Date: 2010-04-21 11:56
When trying a secure connection to an HTTPS server with server certificate verification, I get very strange behaviour when the digest used in the signing certificate is SHA-256 (+RSA).
On Windows with Python 2.6.4 or 2.6.5, I consistently get the following error:

ssl.SSLError: [Errno 1] _ssl.c:480: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm

When I tried to reproduce this on Ubuntu Linux, I found that it either failed with the same error or succeeded in case the hashlib was imported before the actual code. I got the same behaviour on Gentoo Linux with Python 2.6.4 and Fedora 11 and Debian unstable with other versions of Python 2.6.
On Windows, importing hashlib prior to the code does not fix it as is does on Linux.

Using openssl s_client (openssl s_client -connect sha256.tbs-internet.com:443 -CAfile chain.pem) give no error, so the problem is not directly with openssl.
It seems that the Python ssl (_ssl) library does not load properly the corresponding hash modules from openssl or something like this.

I attach a sample script with the hashlib import commented out. I also add a pem file with certificates needed for the code to check the server certificate.

P.S.- I was able to reproduce the same behaviour with another site using SHA-256 base digests.
msg103827 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-04-21 12:14
Changing OpenSSL initialization to the following seems to fix the issue (with OpenSSL 0.9.8k and 1.0.0):

        /* Init OpenSSL */
        SSL_load_error_strings();
        SSL_library_init();
#ifdef WITH_THREAD
        /* note that this will start threading if not already started */
        if (!_setup_ssl_threads()) {
                return;
        }
#endif
        OpenSSL_add_all_algorithms();


_hashopenssl.c might need that code too, therefore I'm adding gps to the nosy list.
msg103851 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-04-21 15:12
Here is a patch. I'm not really happy about the test because it relies on an external test site, and the certificate apparently expires in 2011.
msg103862 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-04-21 16:26
After several attempts, I've failed generating a self-signed certificate that would reproduce the issue without relying on an external server. Perhaps there's something else than simply the hashing algorithm. In any case I think I'm simply gonna keep the current patch.
msg103882 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2010-04-21 18:40
That patch makes no sense. According to SSL_library_init(3SSL),

"OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms for SSL_library_init()"

So it shouldn't really matter which of these you call, and it should be sufficient to call only one of them (or the documentation is incorrect).
msg103887 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-04-21 18:50
> "OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are
> synonyms for SSL_library_init()"

The patch calls OpenSSL_add_all_algorithms(), though.
(yes, it's a different one :-))
http://www.openssl.org/docs/crypto/OpenSSL_add_all_algorithms.html
msg103892 - (view) Author: Martin v. Löwis (loewis) * (Python committer) Date: 2010-04-21 19:20
> The patch calls OpenSSL_add_all_algorithms(), though.

Ah, ok. The patch looks fine to me, then.
msg103909 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-04-21 20:40
Fixed in r80314 (trunk), r80316 (2.6), r80317 (py3k), r80318 (3.1). Thank you!
msg103982 - (view) Author: Roumen Petrov (rpetrov) * Date: 2010-04-22 21:49
Probably test case will fail is sha256 module is not loaded - openssl versions before 0.9.8
msg103984 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-04-22 22:13
> Probably test case will fail is sha256 module is not loaded - openssl versions before 0.9.8

Yes, this has been fixed in r80375.
History
Date User Action Args
2010-04-22 22:13:30pitrousetmessages: + msg103984
2010-04-22 21:49:34rpetrovsetnosy: + rpetrov
messages: + msg103982
2010-04-21 20:40:22pitrousetstatus: open -> closed
resolution: fixed
messages: + msg103909

stage: resolved
2010-04-21 19:20:18loewissetmessages: + msg103892
title: ssl socket with certificate verification fails on SHA256 digest algorithm -> ssl socket with certificate verification fails on SHA256 digest algorithm
2010-04-21 18:50:46pitrousetmessages: + msg103887
2010-04-21 18:40:15loewissetnosy: + loewis
messages: + msg103882
2010-04-21 16:26:14pitrousetmessages: + msg103862
2010-04-21 15:12:31pitrousetfiles: + algos.patch
keywords: + patch
messages: + msg103851
2010-04-21 12:14:04pitrousetnosy: + gregory.p.smith
messages: + msg103827
2010-04-21 12:02:02pitrousetpriority: normal
nosy: + janssen, pitrou, giampaolo.rodola

type: crash -> behavior
versions: + Python 3.1, Python 2.7, Python 3.2
2010-04-21 11:57:11bedasetfiles: + chain.pem
2010-04-21 11:56:18bedacreate