On 2/17/2015 3:42 PM, Laura Creighton wrote: > Possibly this bug? > https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1014640 > > Laura
Probably that bug in OpenSSL. Some versions of OpenSSL are known to be broken for cases where there multiple valid certificate trees. Python ships with its own copy of OpenSSL on Windows. Tests for "www.verisign.com" Win7, x64: Python 2.7.9 with OpenSSL 1.0.1j 15 Oct 2014. FAIL Python 3.4.2 with OpenSSL 1.0.1i 6 Aug 2014. FAIL openssl s_client -OpenSSL 1.0.1h 5 Jun 2014 FAIL Ubuntu 14.04 LTS, using distro's versions of Python: Python 2.7.6 - test won't run, needs create_default_context Python 3.4.0 with OpenSSL 1.0.1f 6 Jan 2014. FAIL openssl s_client OpenSSL 1.0.1f 6 Jan 2014 PASS That's with the same cert file in all cases. The OpenSSL version for Python programs comes from ssl.OPENSSL_VERSION. The Linux situation has me puzzled. On Linux, Python is supposedly using the system version of OpenSSL. The versions match. Why do Python and the command line client disagree? Different options passed to OpenSSL by Python? Here's the little test program: http://www.animats.com/private/sslbug Please try that and let me know what happens on other platforms. Works with Python 2.7.9 or 3.x. John Nagle -- https://mail.python.org/mailman/listinfo/python-list
