Message409140
> I need more information to diagnose the issue. Could you please provide:
> - your operating system and vendor/distribution
Gentoo, so rolling, but 20 years of maintenance experience.
> - your OpenSSL version (ssl.OPENSSL_VERSION)
$ python
Python 3.9.9 (main, Dec 21 2021, 17:21:49)
[GCC 10.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
@>>> import ssl
@>>> print(ssl.OPENSSL_VERSION)
OpenSSL 1.1.1l 24 Aug 2021
> - how did you install Python (self-compiled, pyenv, system Python)?
System Python. On Gentoo, features configuration revolve around USE flags, but I don't have anything curious built with "gdbm ncurses readline sqlite ssl xml" being active:
$ eix dev-lang/python$
[U] dev-lang/python
Available versions:
...
(3.9) 3.9.9^t{xpak}
...
{berkdb bluetooth build examples gdbm hardened libedit lto +ncurses pgo +readline +sqlite +ssl test tk verify-sig wininst +xml ELIBC="uclibc"}
Installed versions: 3.9.9(3.9)^t{xpak}(17:22:24 21.12.2021)(gdbm ncurses readline sqlite ssl xml -bluetooth -build -examples -hardened -lto -pgo -test -tk -verify-sig -wininst)
Homepage: https://www.python.org/
Description: An interpreted, interactive, object-oriented programming language
> - how did you install PyOpenSSL and cryptography?
Regular system package manager install
$ eix pyopenssl
[I] dev-python/pyopenssl
Available versions: 20.0.1^t{xpak} {doc test PYTHON_TARGETS="pypy3 python3_8 python3_9 python3_10"}
Installed versions: 20.0.1^t{xpak}(11:43:07 03.06.2021)(-doc -test PYTHON_TARGETS="python3_9 -pypy3 -python3_8 -python3_10")
Homepage: https://www.pyopenssl.org/ https://pypi.org/project/pyOpenSSL/ https://github.com/pyca/pyopenssl/
Description: Python interface to the OpenSSL library
$ eix cryptography
[I] dev-python/cryptography
Available versions: 3.4.7-r2^t{xpak} **36.0.0^t {debug test PYTHON_TARGETS="pypy3 python3_8 python3_9 python3_10"}
Installed versions: 3.4.7-r2^t{xpak}(16:35:10 21.12.2021)(-test PYTHON_TARGETS="python3_9 -pypy3 -python3_8 -python3_10")
Homepage: https://github.com/pyca/cryptography/ https://pypi.org/project/cryptography/
Description: Library providing cryptographic recipes and primitives
> - the full output of: openssl s_client -connect webapi.remote:52100
$ openssl s_client -connect webapi.remote:52100
CONNECTED(00000003)
depth=0 CN = webapi.remote
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = webapi.remote
verify return:1
---
Certificate chain
0 s:CN = webapi.remote
i:CN = webapi.remote
---
Server certificate
-----BEGIN CERTIFICATE-----
<cut>
-----END CERTIFICATE-----
subject=CN = webapi.remote
issuer=CN = webapi.remote
---
No client certificate CA names sent
Peer signing digest: SHA1
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1254 bytes and written 502 bytes
Verification error: self signed certificate
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-SHA384
Session-ID: 27060000127E5AA837E96D63F5DE532C53FAD1D5C034CBF3D305B7978E9636A0
Session-ID-ctx:
Master-Key: FAE8DE30BF627E7F02F8B4AA856075675FAF3A92365A1E9E8041F799E29CE809749B35514065255C62F0D449405C02B8
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1640346190
Timeout : 7200 (sec)
Verify return code: 18 (self signed certificate)
Extended master secret: yes
---
DONE |
|
Date |
User |
Action |
Args |
2021-12-24 11:47:37 | lkraav | set | recipients:
+ lkraav, christian.heimes |
2021-12-24 11:47:37 | lkraav | set | messageid: <1640346457.49.0.361362317214.issue46156@roundup.psfhosted.org> |
2021-12-24 11:47:37 | lkraav | link | issue46156 messages |
2021-12-24 11:47:37 | lkraav | create | |
|