Author christian.heimes
Recipients Joe N, christian.heimes, docs@python
Date 2018-07-09.20:37:03
Cert revocation check is working fine for me. I've attached a demo script that uses

$ curl -O
$ openssl crl -in ssca-sha2-g5.crl -inform DER -out ssca-sha2-g5.pem.crl -outform PEM
$ python3.7 
Traceback (most recent call last):
  File "", line 19, in <module>
    s.connect(('', 443))
  File "/usr/lib64/python3.7/", line 1141, in connect
    self._real_connect(addr, False)
  File "/usr/lib64/python3.7/", line 1132, in _real_connect
  File "/usr/lib64/python3.7/", line 1108, in do_handshake
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: certificate revoked (_ssl.c:1045)

openssl s_client:

$ cat /etc/pki/tls/cert.pem ssca-sha2-g5.pem.crl > combined.pem
$ openssl s_client -connect -servername -CAfile combined.pem | grep Verify
    Verify return code: 0 (ok)
$ openssl s_client -connect -servername -CAfile combined.pem -crl_check | grep Verify
    Verify return code: 23 (certificate revoked)
Date                 User              Action  Args
2018-07-09 20:37:03  christian.heimes  set     recipients: + christian.heimes, docs@python, Joe N
2018-07-09 20:37:03  christian.heimes  set     messageid: <>
2018-07-09 20:37:03  christian.heimes  link    issue34078 messages
2018-07-09 20:37:03  christian.heimes  create
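
How the revocation check shown in the message above is switched on with Python's ssl module, as an added example (it is not the demo script attached to the message). The helper names are hypothetical, and the host and CRL path are supplied by the caller.

```python
import socket
import ssl

# OpenSSL X509_V_ERR_* verify codes that matter once CRL checking is on.
CRL_VERIFY_CODES = {
    3: "unable to get certificate CRL (checking enabled, no CRL for the issuer loaded)",
    11: "CRL is not yet valid",
    12: "CRL has expired, fetch a fresh one",
    23: "certificate revoked",
}


def make_crl_context(crl_pem=None, check_chain=False):
    """Client context with CRL checking enabled (disabled by default in ssl).

    crl_pem: path to a PEM CRL, e.g. one converted from DER with
    `openssl crl -inform DER -outform PEM` as in the message above.
    """
    ctx = ssl.create_default_context()  # CERT_REQUIRED plus hostname check
    # LEAF checks only the server certificate; CHAIN also needs a CRL
    # for every intermediate CA, or verification fails with code 3.
    ctx.verify_flags |= (ssl.VERIFY_CRL_CHECK_CHAIN if check_chain
                         else ssl.VERIFY_CRL_CHECK_LEAF)
    if crl_pem is not None:
        # load_verify_locations() accepts CRLs as well as CA certificates.
        ctx.load_verify_locations(cafile=crl_pem)
    return ctx


def explain(exc):
    """Turn an SSLCertVerificationError into a CRL-specific reason."""
    code = getattr(exc, "verify_code", None)
    detail = getattr(exc, "verify_message", exc)
    return CRL_VERIFY_CODES.get(code, f"other verification failure: {detail}")


def check_host(host, crl_pem, port=443, timeout=10):
    """Handshake with host and report the revocation result as a string."""
    ctx = make_crl_context(crl_pem)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok: certificate not listed in the loaded CRL"
    except ssl.SSLCertVerificationError as exc:
        return explain(exc)
```

The context only consults CRLs that were loaded into it; it does not download them, so a stale or missing CRL surfaces as code 12 or 3 rather than as a silent pass.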