Christian Heimes added the comment: >From https://www.ssllabs.com/ssltest/analyze.html?d=miaosss.top
Chain issues Incomplete Extra download COMODO RSA Domain Validation Secure Server CA Python does not support extra downloads of incomplete chains. The server must return the EE cert and all intermediate certs during the TLS handshake. You also can't pass the intermediate cert as a CA cert. It's not a trust anchor. You could load both the trust anchor and intermediate cert as CA certs (concatenate intermediate and root certs), but that is potentially dangerous. Safer way is https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_add0_chain_cert.html but Python does not have an API for SSL_CTX_add0_chain_cert(). Best solution: get the server fixed. It doesn't behave correctly. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue27970> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
