Le 22/05/2018 à 16:49, Viktor Dukhovni a écrit : > >> On May 22, 2018, at 10:39 AM, Hoggins! <[email protected]> wrote: >> >> Hello Viktor, >> >> I have published the correct TLSA records (generated with my "old" >> system) this morning, they are fixed for now. > Yes, I see that too. I've removed your domains from: > > https://github.com/danefail/list
Thank you > >> Le 22/05/2018 à 16:11, Viktor Dukhovni a écrit : >>>> On May 22, 2018, at 5:05 AM, Hoggins! <[email protected]> wrote: >>>> >>> I think I see the bug: >>> >>>> -- non working system : Fedora 28, python2-libs-2.7.15-1.fc28.x86_64 >>>> >>>> <snip> >>>> while True: >>>> cptr = m2.x509_read_pem(bio._ptr()) >>>> if not cptr: >>>> break >>>> chain.append(X509.X509(cptr, _pyfree=1)) >>> You're telling Python it owns the certificate object reference >>> and should free it when no longer needed. Then add the certificate >>> to the chain, but this call may not bump the certificate reference >>> count. >>> >>>> print chain >>> Here you print the chain. And the certificate itself goes out of >>> scope and is freed, the chain no longer holds a valid reference. >> Actually when inside the loop, chain is not empty, it's only outside of >> it that it seems to be freed. > Yes, perhaps because the certificate object is still in scope. What > happens if you load all the certificates into a list in the loop, > and build the chain from the list outside the loop, then the array > still references the certificates. > > If we get too deep into Python, we'll be too far off topic, but for > now, we're still vaguely talking about certificate management... > Anyway, I raised an issue on their GitHub, the maintainers should be able to have a look : https://github.com/letoams/hash-slinger/issues/20 Hoggins!
signature.asc
Description: OpenPGP digital signature
