Christian Heimes <li...@cheimes.de> added the comment:
Your Windows cert store contains multiple invalid certificates. The first failing certificate is the custom "MUPCA Root", which looks like a certificate from http://ca.mup.gov.rs/sertifikati.html. The serial number seems to be badly formated or padded. There is nothing we can do about erroneous and bad certificates. $ openssl x509 -in ca.pem unable to load certificate 140613019477824:error:0D0E20DD:asn1 encoding routines:c2i_ibuf:illegal padding:crypto/asn1/a_int.c:187: 140613019477824:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:627:Field=serialNumber, Type=X509_CINF 140613019477824:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:627:Field=cert_info, Type=X509 140613019477824:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:crypto/pem/pem_oth.c:33: $ openssl asn1parse -in ca.pem 0:d=0 hl=4 l=1300 cons: SEQUENCE 4:d=1 hl=4 l= 764 cons: SEQUENCE 8:d=2 hl=2 l= 3 cons: cont [ 0 ] 10:d=3 hl=2 l= 1 prim: INTEGER :02 13:d=2 hl=2 l= 4 prim: INTEGER :BAD INTEGER:[00000066] 19:d=2 hl=2 l= 13 cons: SEQUENCE 21:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption 32:d=3 hl=2 l= 0 prim: NULL 34:d=2 hl=2 l= 83 cons: SEQUENCE 36:d=3 hl=2 l= 19 cons: SET 38:d=4 hl=2 l= 17 cons: SEQUENCE 40:d=5 hl=2 l= 3 prim: OBJECT :commonName 45:d=5 hl=2 l= 10 prim: UTF8STRING :MUPCA Root 57:d=3 hl=2 l= 29 cons: SET 59:d=4 hl=2 l= 27 cons: SEQUENCE 61:d=5 hl=2 l= 3 prim: OBJECT :organizationName 66:d=5 hl=2 l= 20 prim: UTF8STRING :MUP Republike Srbije 88:d=3 hl=2 l= 16 cons: SET 90:d=4 hl=2 l= 14 cons: SEQUENCE 92:d=5 hl=2 l= 3 prim: OBJECT :localityName 97:d=5 hl=2 l= 7 prim: UTF8STRING :Beograd 106:d=3 hl=2 l= 11 cons: SET 108:d=4 hl=2 l= 9 cons: SEQUENCE 110:d=5 hl=2 l= 3 prim: OBJECT :countryName 115:d=5 hl=2 l= 2 prim: PRINTABLESTRING :RS 119:d=2 hl=2 l= 30 cons: SEQUENCE 121:d=3 hl=2 l= 13 prim: UTCTIME :100227161918Z 136:d=3 hl=2 l= 13 prim: UTCTIME :200227161918Z ... $ wget http://ca.mup.gov.rs/MUPCARoot.crt $ openssl x509 -in MUPCARoot.crt -inform DER unable to load certificate 140699773712192:error:0D0E20DD:asn1 encoding routines:c2i_ibuf:illegal padding:crypto/asn1/a_int.c:187: 140699773712192:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:627:Field=serialNumber, Type=X509_CINF 140699773712192:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:627:Field=cert_info, Type=X509 ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue35665> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
