[issue13034] Python does not read Alternative Subject Names from SSL certificates larger than 1024 bits

Antoine Pitrou Fri, 23 Sep 2011 09:23:19 -0700

Antoine Pitrou <pit...@free.fr> added the comment:

Thanks for reporting. This trivial patch seems to fix it (still needs a test):


diff -r 1b4fae183da3 Modules/_ssl.c
--- a/Modules/_ssl.c    Tue Aug 09 18:48:02 2011 -0500
+++ b/Modules/_ssl.c    Fri Sep 23 18:16:04 2011 +0200
@@ -590,7 +590,7 @@ _get_peer_alt_names (X509 *certificate) 
     /* get a memory buffer */
     biobuf = BIO_new(BIO_s_mem());
 
-    i = 0;
+    i = -1;
     while ((i = X509_get_ext_by_NID(
                     certificate, NID_subject_alt_name, i)) >= 0) {
 

Yay for undocumented OpenSSL APIs with weird semantics.

----------
assignee:  -> pitrou
versions: +Python 3.2, Python 3.3

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue13034>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13034] Python does not read Alternative Subject Names from SSL certificates larger than 1024 bits

Reply via email to