New submission from lilydjwg:
This fails:
Python 3.5.2 (default, Jun 28 2016, 08:46:01)
[GCC 6.1.1 20160602] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> import ssl
>>> import socket
>>> s = socket.socket()
>>> c =
>>> ssl.create_default_context(cafile='COMODORSADomainValidationSecureServerCA.crt')
>>> s = c.wrap_socket(s, server_hostname='miaosss.top')
>>> s.connect(('miaosss.top', 443))
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.5/ssl.py", line 1019, in connect
self._real_connect(addr, False)
File "/usr/lib/python3.5/ssl.py", line 1010, in _real_connect
self.do_handshake()
File "/usr/lib/python3.5/ssl.py", line 988, in do_handshake
self._sslobj.do_handshake()
File "/usr/lib/python3.5/ssl.py", line 633, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:645)
But openssl can succeed:
openssl s_client -connect miaosss.top:443 -CAfile
COMODORSADomainValidationSecureServerCA.crt -servername miaosss.top
endswith "Verify return code: 0 (ok)"
Firefox and SSLlabs
(https://www.ssllabs.com/ssltest/analyze.html?d=miaosss.top) both show it's
trusted.
----------
messages: 274542
nosy: lilydjwg
priority: normal
severity: normal
status: open
title: ssl: can't verify a trusted site with imcomplete certificate chain
type: behavior
versions: Python 3.5
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue27970>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe:
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
