Thank you Ray. I’ll look into the libcurl versions used on each platform. Appreciate the insights.
Thanks, Dick Brooks Active Member of the CISA Critical Manufacturing Sector, Sector Coordinating Council – A Public-Private Partnership <https://reliableenergyanalytics.com/products> Never trust software, always verify and report! ™ Risk always exists, but trust must be earned and awarded.™ https://businesscyberguardian.com/ Email: d...@businesscyberguardian.com Tel: +1 978-696-1788 From: curl-users <curl-users-boun...@lists.haxx.se> On Behalf Of Ray Satiro via curl-users Sent: Saturday, December 28, 2024 4:02 PM To: curl-users@lists.haxx.se Cc: Ray Satiro <raysat...@yahoo.com> Subject: Re: Strange behavior processing SSL certs between a Windows 11 system running Python 3.13.1 and a Windows 10 system running Python 3.8.5 On 12/28/2024 8:28 AM, Dick Brooks via curl-users wrote: I’ve encountered some unexpected behavior between two systems using the exact same piece of code – any ideas why this might be happening: FROM ROADWARRIOR (Win 11) (shows the signing certificate info) ----> ServerURL : https://pypi.org/project/sag-reader/1.0.4/#files ----> Subject : CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2 ----> Issuer : CN=GlobalSign ----> SourceCertificateComplete : [(('Subject', 'C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2'), ('Issuer', 'OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign'), ('Version', '2'), ('Serial Number', '00:80:4e:00:3a:27:2b:c5:18:e3:4d:a4:b1:fc:9b:78:33:'), ('Signature Algorithm', 'sha256WithRSAEncryption'), ('Start Date', '2024-01-17 03:24:32 GMT'), ('Expire Date', '2026-01-17 00:00:00 GMT') FROM WARP9 (Win 10) (shows the issued SSL Certificate subject info – the leaf node) ----> ServerURL : https://pypi.org/project/sag-reader/1.0.4/#files ----> Subject : CN=pypi.org ----> Issuer : CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2 ----> SourceCertificateComplete : [(('Subject', 'CN=pypi.org'), ('Issuer', 'C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2'), ('Version', '2'), ('Serial Number', '01:06:a3:43:b1:24:03:82:30:1a:c9:27:d9:3f:23:4b:'), ('Signature Algorithm', 'sha256WithRSAEncryption'), ('Start Date', '2024-04-23 04:22:05 GMT'), ('Expire Date', '2025-05-25 04:22:04 GMT') NOTE: I receive the same results on both machines when I run the code interactively That server sends 2 certificates. An end certificate and an intermediate. One of your results shows the end certificate and one shows the intermediate certificate. It's possible that different versions of libcurl are being used and sorted the certificates differently. Last year a bug was fixed in libcurl with schannel because it sorted the certificates in the wrong order. [1] The first version with the fix is 8.3.0. Or there's a different bug or there is something is wrong with your python code. [1]: https://github.com/curl/curl/pull/11632
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.html
