
Author kacper
Recipients christian.heimes, kacper
Date 2022-01-02.22:03:18
Currently all subject sets of a client certificate are treated as UTF8 strings using the ASN1_STRING_to_UTF8 function; however, RFC 5280 states that the UniqueIdentifier is of type BIT STRING. Passing a BIT STRING into the ASN1_STRING_to_UTF8 function seems to return -1 and subsequently fail an SSL handshake.

Traceback (most recent call last):
  File "/usr/lib64/python3.6/asyncio/", line 145, in _run
  File "/usr/lib64/python3.6/site-packages/tornado/platform/", line 138, in _handle_events
    handler_func(fileobj, events)
  File "/usr/lib64/python3.6/site-packages/tornado/", line 702, in _handle_events
  File "/usr/lib64/python3.6/site-packages/tornado/", line 1471, in _handle_read
  File "/usr/lib64/python3.6/site-packages/tornado/", line 1431, in _do_ssl_handshake
    if not self._verify_cert(self.socket.getpeercert()):
  File "/usr/lib64/python3.6/", line 860, in getpeercert
    return self._sslobj.getpeercert(binary_form)
  File "/usr/lib64/python3.6/", line 610, in getpeercert
    return self._sslobj.peer_certificate(binary_form)
ssl.SSLError: unknown error (_ssl.c:959)

(line 959 of _ssl.c corresponds to might be of interest for further discussion.
Date User Action Args
2022-01-02 22:03:19 kacper set recipients: + kacper, christian.heimes
2022-01-02 22:03:19 kacper set messageid: <>
2022-01-02 22:03:19 kacper link issue46232 messages
2022-01-02 22:03:18 kacper create
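
As an added illustration (not part of the original report and not CPython code): a pure-Python pre-check that walks a DER-encoded subject Name and lists attributes whose value is not an ASN.1 string type, such as the BIT STRING described in the report. It assumes the subject Name has already been extracted from the certificate; all helper names and the sample bytes are constructed for this example.

```python
# Added example: list subject attributes whose DER value is not a string type.
# Tags: UTF8, Numeric, Printable, Teletex, IA5, Visible, Universal, BMP strings.
STRING_TAGS = {0x0C, 0x12, 0x13, 0x14, 0x16, 0x1A, 0x1C, 0x1E}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER TLV at pos (single-octet tags only)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Yield (tag, value) for each TLV packed inside a constructed value."""
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def decode_oid(body):
    first = min(body[0] // 40, 2)
    arcs, acc = [first, body[0] - 40 * first], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)      # base-128, high bit marks continuation
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def non_string_attributes(name_der):
    """Return [(oid, value_tag)] for attribute values that are not string types."""
    tag, rdns, end = read_tlv(name_der, 0)
    if tag != 0x30 or end != len(name_der):
        raise ValueError("expected exactly one DER SEQUENCE")
    found = []
    for _, rdn in children(rdns):          # RelativeDistinguishedName ::= SET OF
        for _, atv in children(rdn):       # AttributeTypeAndValue ::= SEQUENCE
            (_, oid), (val_tag, _) = list(children(atv))[:2]
            if val_tag not in STRING_TAGS:
                found.append((decode_oid(oid), val_tag))
    return found

def tlv(tag, body):                        # short-form encoder, used only to build the sample
    return bytes([tag, len(body)]) + body

# Constructed sample: CN=client plus x500UniqueIdentifier (2.5.4.45) as a BIT STRING (tag 0x03).
SAMPLE = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, b"client")))
                 + tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x2d") + tlv(0x03, b"\x00\xab\xcd"))))
```

Running `non_string_attributes(SAMPLE)` reports the `2.5.4.45` attribute with tag `0x03`, which lets a service log or reject such a certificate explicitly instead of surfacing an opaque handshake error.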