This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author pitrou
Recipients demian.brecht, lac, nagle, pitrou
Date 2015-02-24.15:34:37
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
> Python's SSL isn't using that.  Python is taking in one big text file 
> of SSL certs, with no link structure, and feeding it to OpenSSL.  

Python's SSL is not "taking" anything:

>>> r = urlopen('')

It's only if you feed it that particular CA file that you get the issue:

>>> cafile = 'cacert.pem'
>>> r = urlopen('', cafile=cafile)
urllib.error.URLError: <urlopen error [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)>

You can *also* feed it a CA directory by using the "CApath" argument (*not* "CAfile").

Now it remains to be seen why "openssl s_client" works with the file nevertheless.
Date User Action Args
2015-02-24 15:34:38pitrousetrecipients: + pitrou, nagle, demian.brecht, lac
2015-02-24 15:34:38pitrousetmessageid: <>
2015-02-24 15:34:38pitroulinkissue23476 messages
2015-02-24 15:34:37pitroucreate