Message236506
> Python's SSL isn't using that. Python is taking in one big text file
> of SSL certs, with no link structure, and feeding it to OpenSSL.
Python's SSL is not "taking" anything:
>>> r = urlopen('https://www.verisign.com')
>>> r.read(10)
b' <!DOCTYPE'
It's only if you feed it that particular CA file that you get the issue:
>>> cafile = 'cacert.pem'
>>> r = urlopen('https://www.verisign.com', cafile=cafile)
[...]
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)>
You can *also* feed it a CA directory by using the "CApath" argument (*not* "CAfile").
Now it remains to be seen why "openssl s_client" works with the file nevertheless. |
|
Date |
User |
Action |
Args |
2015-02-24 15:34:38 | pitrou | set | recipients:
+ pitrou, nagle, demian.brecht, lac |
2015-02-24 15:34:38 | pitrou | set | messageid: <1424792078.32.0.241375249871.issue23476@psf.upfronthosting.co.za> |
2015-02-24 15:34:38 | pitrou | link | issue23476 messages |
2015-02-24 15:34:37 | pitrou | create | |
|