Message 103823 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	beda
Recipients	beda
Date	2010-04-21.11:56:16
SpamBayes Score	7.508418e-10
Marked as misclassified	No
Message-id	<1271850980.01.0.0395535667848.issue8484@psf.upfronthosting.co.za>
In-reply-to

Content
When trying a secure connection to an HTTPS server with server certificate verification, I get very strange behaviour when the digest used in the signing certificate is SHA-256 (+RSA). On Windows with Python 2.6.4 or 2.6.5, I consistently get the following error: ssl.SSLError: [Errno 1] _ssl.c:480: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm When I tried to reproduce this on Ubuntu Linux, I found that it either failed with the same error or succeeded in case the hashlib was imported before the actual code. I got the same behaviour on Gentoo Linux with Python 2.6.4 and Fedora 11 and Debian unstable with other versions of Python 2.6. On Windows, importing hashlib prior to the code does not fix it as is does on Linux. Using openssl s_client (openssl s_client -connect sha256.tbs-internet.com:443 -CAfile chain.pem) give no error, so the problem is not directly with openssl. It seems that the Python ssl (_ssl) library does not load properly the corresponding hash modules from openssl or something like this. I attach a sample script with the hashlib import commented out. I also add a pem file with certificates needed for the code to check the server certificate. P.S.- I was able to reproduce the same behaviour with another site using SHA-256 base digests.

When trying a secure connection to an HTTPS server with server certificate verification, I get very strange behaviour when the digest used in the signing certificate is SHA-256 (+RSA).
On Windows with Python 2.6.4 or 2.6.5, I consistently get the following error:

ssl.SSLError: [Errno 1] _ssl.c:480: error:0D0C50A1:asn1 encoding routines:ASN1_item_verify:unknown message digest algorithm

When I tried to reproduce this on Ubuntu Linux, I found that it either failed with the same error or succeeded in case the hashlib was imported before the actual code. I got the same behaviour on Gentoo Linux with Python 2.6.4 and Fedora 11 and Debian unstable with other versions of Python 2.6.
On Windows, importing hashlib prior to the code does not fix it as is does on Linux.

Using openssl s_client (openssl s_client -connect sha256.tbs-internet.com:443 -CAfile chain.pem) give no error, so the problem is not directly with openssl.
It seems that the Python ssl (_ssl) library does not load properly the corresponding hash modules from openssl or something like this.

I attach a sample script with the hashlib import commented out. I also add a pem file with certificates needed for the code to check the server certificate.

P.S.- I was able to reproduce the same behaviour with another site using SHA-256 base digests.

History
Date	User	Action	Args
2010-04-21 11:56:22	beda	set	recipients: + beda
2010-04-21 11:56:20	beda	set	messageid: <1271850980.01.0.0395535667848.issue8484@psf.upfronthosting.co.za>
2010-04-21 11:56:18	beda	link	issue8484 messages
2010-04-21 11:56:17	beda	create