Message274550
From https://www.ssllabs.com/ssltest/analyze.html?d=miaosss.top
Chain issues Incomplete
Extra download COMODO RSA Domain Validation Secure Server CA
Python does not support extra downloads of incomplete chains. The server must return the EE cert and all intermediate certs during the TLS handshake.
You also can't pass the intermediate cert as a CA cert. It's not a trust anchor. You could load both the trust anchor and intermediate cert as CA certs (concatenate intermediate and root certs), but that is potentially dangerous. A safer way is https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_add0_chain_cert.html but Python does not have an API for SSL_CTX_add0_chain_cert().
Best solution: get the server fixed. It doesn't behave correctly.

Date | User | Action | Args
--- | --- | --- | ---
2016-09-06 10:49:31 | christian.heimes | set | recipients: + christian.heimes, lilydjwg
2016-09-06 10:49:31 | christian.heimes | set | messageid: <1473158971.86.0.83444164918.issue27970@psf.upfronthosting.co.za>
2016-09-06 10:49:31 | christian.heimes | link | issue27970 messages
2016-09-06 10:49:31 | christian.heimes | create |
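
Added example, not part of the tracker message: the trust configurations discussed above, reproduced offline with OpenSSL's `openssl verify` (OpenSSL is the library Python's `ssl` module wraps) on a constructed root, intermediate and leaf. It assumes the OpenSSL CLI is on `PATH`; the function names, subjects and file names are made up for the demonstration.

```shell
#!/bin/sh
# Added example. Constructed PKI: root -> intermediate -> leaf; every name and
# file here is made up. Requires the OpenSSL command-line tool.

build_pki() {  # $1 = empty working directory
  ( cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\n' > ee.ext
    for n in root int leaf; do
      openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Constructed $n" \
        -keyout "$n.key" -out "$n.csr" || exit 1
    done
    # Self-signed root, intermediate signed by root, leaf signed by intermediate.
    openssl x509 -req -in root.csr -signkey root.key \
      -extfile ca.ext -days 2 -out root.pem &&
    openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
      -extfile ca.ext -days 2 -out int.pem &&
    openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
      -extfile ee.ext -days 2 -out leaf.pem &&
    cat int.pem root.pem > int_plus_root.pem
  ) >/dev/null 2>&1
}

# Exit status 0 only if leaf.pem verifies against the trust anchors in $2,
# optionally using $3 as untrusted helper certs (what the server should send).
chain_ok() {  # $1 = dir, $2 = CA file, $3 = untrusted file or empty
  ( cd "$1" || exit 1
    if [ -n "$3" ]; then
      openssl verify -CAfile "$2" -untrusted "$3" leaf.pem
    else
      openssl verify -CAfile "$2" leaf.pem
    fi
  ) >/dev/null 2>&1
}

report() {  # $1 = dir populated by build_pki; prints one verdict per scenario
  for s in "root.pem:" "root.pem:int.pem" "int.pem:" "int_plus_root.pem:"; do
    if chain_ok "$1" "${s%%:*}" "${s#*:}"; then v=ok; else v=FAIL; fi
    echo "CAfile=${s%%:*} untrusted=${s#*:} -> $v"
  done
}

d=$(mktemp -d) && build_pki "$d" && report "$d"
rm -rf "$d"
```

The first scenario is the incomplete chain (only the leaf is presented), the second is a server that supplies the intermediate, the third is the intermediate loaded alone as a CA cert, and the fourth is the concatenated intermediate-plus-root file.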