Message 333184 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	christian.heimes, pervlad, vstinner
Date	2019-01-07.20:05:02
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1546891502.33.0.677357529496.issue35665@roundup.psfhosted.org>
In-reply-to

Content
OpenSSL 1.1.0 is more strict than OpenSSL 1.0.2. That's why you don't see the issue with Python 3.6 but with 3.7. The problem is explained in https://mta.openssl.org/pipermail/openssl-dev/2016-February/005100.html The CA has encoded the integer 102 (0x66) as "02 04 00 00 00 66", which violates the DER standard. The correct encoding is "02 01 66". >>> from asn1crypto.core import Integer >>> import binascii >>> binascii.hexlify(Integer(102).dump()) b'020166'

OpenSSL 1.1.0 is more strict than OpenSSL 1.0.2. That's why you don't see the issue with Python 3.6 but with 3.7. The problem is explained in https://mta.openssl.org/pipermail/openssl-dev/2016-February/005100.html

The CA has encoded the integer 102 (0x66) as "02 04 00
00 00 66", which violates the DER standard. The correct encoding is "02 01  66".

>>> from asn1crypto.core import Integer
>>> import binascii
>>> binascii.hexlify(Integer(102).dump())
b'020166'

History
Date	User	Action	Args
2019-01-07 20:05:04	christian.heimes	set	recipients: + christian.heimes, vstinner, pervlad
2019-01-07 20:05:02	christian.heimes	set	messageid: <1546891502.33.0.677357529496.issue35665@roundup.psfhosted.org>
2019-01-07 20:05:02	christian.heimes	link	issue35665 messages
2019-01-07 20:05:02	christian.heimes	create