This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author pitrou
Recipients exarkun, giampaolo.rodola, janssen, pitrou
Date 2010-08-29.16:00:06
SpamBayes Score 3.3919212e-06
Marked as misclassified No
Message-id <1283097602.3369.15.camel@localhost.localdomain>
In-reply-to <1283077909.09.0.00611271128967.issue9706@psf.upfronthosting.co.za>
Content 
> The only idea which comes to mind is try to open() the file before calling load_cert_chain().
> That would automatically also take care of permission errors, etc..
> Not very clean, but... :-\

It's vulnerable to various issues such as race conditions (for example,
you open() the file while it still exists but it doesn't exist anymore
when OpenSSL opens it again).

A clean way to do this would be to use lower-level APIs such as
PEM_read_X509(), so that we can pass our own FILE* to OpenSSL. But it is
also much more code to write.

That said, have you checked the system errno at this point? Perhaps it
gives us enough information (if it hasn't been cleared by
OpenSSL... :/).

> No ideas here. I googled for some OpenSSL API to verify the
> certificate, which we can even possibly expose in ssl.py, but I
> couldn't find any.

I don't think that would change anything, since the verification APIs
would probably give you the exact same error message.
History
Date User Action Args
2010-08-29 16:00:10pitrousetrecipients: + pitrou, exarkun, janssen, giampaolo.rodola
2010-08-29 16:00:08pitroulinkissue9706 messages
2010-08-29 16:00:06pitroucreate