This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author Jizhou Yang
Recipients Jizhou Yang, christian.heimes
Date 2019-05-28.14:36:04
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <1559054164.15.0.615290495729.issue37079@roundup.psfhosted.org>
In-reply-to
Content 
Loading cadata in PEM format results in a nested asn1 error. Workaround is to convert cadata to unicode.

Minimum code for reproducing the issue:
>>>import ssl
>>> with open('ca.crt') as f:
...     ca_crt = f.read()
...
>>> c = ssl.create_default_context()
>>> c.load_verify_locations(cadata=ca_crt)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
ssl.SSLError: nested asn1 error (_ssl.c:2902)

With workaround to make it work:
>>>import ssl
>>> with open('ca.crt') as f:
...     ca_crt = f.read()
...
>>> c = ssl.create_default_context()
>>> c.load_verify_locations(cadata=unicode(ca_crt))

The issue is annoying as the documentation explicitly states cadata to be "either an ASCII string of one or more PEM-encoded certificates...". Furthermore the unicode function is not present in Python 3.x, making the workaround version-dependent.
History
Date User Action Args
2019-05-28 14:36:04Jizhou Yangsetrecipients: + Jizhou Yang, christian.heimes
2019-05-28 14:36:04Jizhou Yangsetmessageid: <1559054164.15.0.615290495729.issue37079@roundup.psfhosted.org>
2019-05-28 14:36:04Jizhou Yanglinkissue37079 messages
2019-05-28 14:36:04Jizhou Yangcreate