Python does not read Alternative Subject Names from some SSL certificates #57243
Comments
We found a problem with SSL certificates, when they are larger than 1024 bits and you need to check Alternative Subject Names. See below two examples, the first is our 2048 bit certificate and what Python returns. Then there is Google's code.google.com SSL certificate, 1024 bits and as you can see Python returns the other names correctly. This was tested with Python 2.7.2. Binary for projects.developer.nokia.com Python dictionary extracted Binary for code.google.com Python dictionary
Thanks for reporting. This trivial patch seems to fix it (still needs a test): diff -r 1b4fae183da3 Modules/_ssl.c
--- a/Modules/_ssl.c Tue Aug 09 18:48:02 2011 -0500
+++ b/Modules/_ssl.c Fri Sep 23 18:16:04 2011 +0200
@@ -590,7 +590,7 @@ _get_peer_alt_names (X509 *certificate)
/* get a memory buffer */
biobuf = BIO_new(BIO_s_mem());
- i = 0;
+ i = -1;
while ((i = X509_get_ext_by_NID(
certificate, NID_subject_alt_name, i)) >= 0) {
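Review bot: the new initializer i = -1 carries no comment saying why -1 is the right start value, and the patch has no regression test. Because the loop passes i back in as the last argument of X509_get_ext_by_NID, the start value decides where the first search begins; a one-line comment above i = -1 saying so, plus a test certificate whose subjectAltName is the first extension, would keep this from being changed back to 0 later.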
Yay for undocumented OpenSSL APIs with weird semantics.
For the record, curl uses the (also undocumented) X509_get_ext_d2i() function instead.
New changeset 65e7f40fefd4 by Antoine Pitrou in branch '3.2':
New changeset 90a06fbb1f85 by Antoine Pitrou in branch 'default':
New changeset 8e6694387c98 by Antoine Pitrou in branch '2.7':
This should be fixed now.
(fixing the title)
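The lookup convention behind the one-line fix, as an added model that is not code from CPython or OpenSSL. It assumes the search resumes at the index after the value passed in; the extension lists are constructed, and model_get_ext_by_id, count_alt_name_exts and the EXT_* ids are hypothetical names.

```c
#include <stdio.h>

/* Constructed stand-in for a certificate's extension list: each entry is
   only an extension type id. These ids are placeholders, not OpenSSL NIDs. */
enum { EXT_KEY_USAGE = 1, EXT_BASIC_CONSTRAINTS = 2, EXT_SUBJECT_ALT_NAME = 3 };

/* Model of the lookup convention: the search starts at lastpos + 1 and
   returns the index of the next match, or -1 when there is none. */
static int model_get_ext_by_id(const int *exts, int n, int id, int lastpos)
{
    int i = lastpos + 1;
    if (i < 0)
        i = 0;
    for (; i < n; i++)
        if (exts[i] == id)
            return i;
    return -1;
}

/* Same loop shape as _get_peer_alt_names(): each hit is fed back in as
   lastpos. `start` is the initial value of i (0 before the patch, -1 after). */
int count_alt_name_exts(const int *exts, int n, int start)
{
    int i = start, found = 0;
    while ((i = model_get_ext_by_id(exts, n, EXT_SUBJECT_ALT_NAME, i)) >= 0)
        found++;
    return found;
}

/* Constructed layouts: subjectAltName stored first, and stored last. */
static const int SAN_FIRST[] = { EXT_SUBJECT_ALT_NAME, EXT_KEY_USAGE, EXT_BASIC_CONSTRAINTS };
static const int SAN_LAST[]  = { EXT_KEY_USAGE, EXT_BASIC_CONSTRAINTS, EXT_SUBJECT_ALT_NAME };

int san_first_old(void) { return count_alt_name_exts(SAN_FIRST, 3, 0); }
int san_first_new(void) { return count_alt_name_exts(SAN_FIRST, 3, -1); }
int san_last_old(void)  { return count_alt_name_exts(SAN_LAST, 3, 0); }
int san_last_new(void)  { return count_alt_name_exts(SAN_LAST, 3, -1); }

int main(void)
{
    /* With start = 0 the entry at index 0 is never examined. */
    printf("SAN first: start=0 finds %d, start=-1 finds %d\n",
           san_first_old(), san_first_new());
    printf("SAN last:  start=0 finds %d, start=-1 finds %d\n",
           san_last_old(), san_last_new());
    return 0;
}
```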