Re: Strange behavior processing SSL certs between a Windows 11 system running Python 3.13.1 and a Windows 10 system running Python 3.8.5

Sat, 28 Dec 2024 13:02:22 -0800 

On 12/28/2024 8:28 AM, Dick Brooks via curl-users wrote:



I’ve encountered some unexpected behavior between two systems using 
the exact same piece of code – any ideas why this might be happening:


FROM ROADWARRIOR (Win 11) (shows the signing certificate info)

----> ServerURL : https://pypi.org/project/sag-reader/1.0.4/#files

----> Subject :  CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2

----> Issuer :  CN=GlobalSign


----> SourceCertificateComplete : [(('Subject', 'C=BE, O=GlobalSign 
nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2'), ('Issuer', 
'OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign'), 
('Version', '2'), ('Serial Number', 
'00:80:4e:00:3a:27:2b:c5:18:e3:4d:a4:b1:fc:9b:78:33:'), ('Signature 
Algorithm', 'sha256WithRSAEncryption'), ('Start Date', '2024-01-17 
03:24:32 GMT'), ('Expire Date', '2026-01-17 00:00:00 GMT')



FROM WARP9 (Win 10) (shows the issued SSL Certificate subject info – 
the leaf node)


----> ServerURL : https://pypi.org/project/sag-reader/1.0.4/#files

----> Subject :  CN=pypi.org

----> Issuer :  CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2


----> SourceCertificateComplete : [(('Subject', 'CN=pypi.org'), 
('Issuer', 'C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 
2024 Q2'), ('Version', '2'), ('Serial Number', 
'01:06:a3:43:b1:24:03:82:30:1a:c9:27:d9:3f:23:4b:'), ('Signature 
Algorithm', 'sha256WithRSAEncryption'), ('Start Date', '2024-04-23 
04:22:05 GMT'), ('Expire Date', '2025-05-25 04:22:04 GMT')



NOTE: I receive the same results on both machines when I run the code 
interactively





That server sends 2 certificates. An end certificate and an 
intermediate. One of your results shows the end certificate and one 
shows the intermediate certificate.



It's possible that different versions of libcurl are being used and 
sorted the certificates differently. Last year a bug was fixed in 
libcurl with schannel because it sorted the certificates in the wrong 
order. [1] The first version with the fix is 8.3.0.



Or there's a different bug or there is something is wrong with your 
python code.



[1]: https://github.com/curl/curl/pull/11632


-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
Etiquette:   https://curl.se/mail/etiquette.html






















					Reply via email to