This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author lilydjwg
Recipients lilydjwg
Date 2016-09-06.08:52:17
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1473151937.46.0.395458552575.issue27970@psf.upfronthosting.co.za>
In-reply-to
Content 
This fails:

Python 3.5.2 (default, Jun 28 2016, 08:46:01)
[GCC 6.1.1 20160602] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> import socket
>>> s = socket.socket()
>>> c = ssl.create_default_context(cafile='COMODORSADomainValidationSecureServerCA.crt')
>>> s = c.wrap_socket(s, server_hostname='miaosss.top')
>>> s.connect(('miaosss.top', 443))
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.5/ssl.py", line 1019, in connect
    self._real_connect(addr, False)
  File "/usr/lib/python3.5/ssl.py", line 1010, in _real_connect
    self.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 988, in do_handshake
    self._sslobj.do_handshake()
  File "/usr/lib/python3.5/ssl.py", line 633, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

But openssl can succeed:

openssl s_client -connect miaosss.top:443 -CAfile COMODORSADomainValidationSecureServerCA.crt -servername miaosss.top

endswith "Verify return code: 0 (ok)"

Firefox and SSLlabs (https://www.ssllabs.com/ssltest/analyze.html?d=miaosss.top) both show it's trusted.
History
Date User Action Args
2016-09-06 08:52:17lilydjwgsetrecipients: + lilydjwg
2016-09-06 08:52:17lilydjwgsetmessageid: <1473151937.46.0.395458552575.issue27970@psf.upfronthosting.co.za>
2016-09-06 08:52:17lilydjwglinkissue27970 messages
2016-09-06 08:52:17lilydjwgcreate