On Fri, Sep 9, 2016 at 2:22 PM, dieter <die...@handshake.de> wrote: > Chi Hsuan Yen <yan12...@gmail.com> writes: > > ... > > Apparently OpenSSL verifies the whole certificate chain and > > report an error as soon as it finds an invalid certificate in the chain. > > As it must, if you require verification. > > When I remember right, you can disable the verification altogether > (though you should not for security reasons). > > Yeah we have a CLI option for that, and fortunately (or unfortunately?) it works fine.
> My > > questions is: how to tell from several possible causes to > > CERTIFICATE_VERIFY_FAILED? Currently both expired self signed certificate > > leads to CERTIFICATE_VERIFY_FAILED. Thanks for any help or advice. > > I would try to find (or write) a utility that follows the certificate > chain and provides details information about its state. > > Thanks a lot! I just lost my direction when trying to understand how certificate verification works in Python. > -- > https://mail.python.org/mailman/listinfo/python-list > -- https://mail.python.org/mailman/listinfo/python-list
