[issue8484] ssl socket with certificate verification fails on SHA256 digest algorithm

Antoine Pitrou added the comment: > Probably test case will fail is sha256 module is not loaded - openssl > versions before 0.9.8 Yes, this has been fixed in r80375. -- ___ Python tracker

[issue8484] ssl socket with certificate verification fails on SHA256 digest algorithm

Roumen Petrov added the comment: Probably test case will fail is sha256 module is not loaded - openssl versions before 0.9.8 -- nosy: +rpetrov ___ Python tracker ___ ___

[issue8484] ssl socket with certificate verification fails on SHA256 digest algorithm

Antoine Pitrou added the comment: Fixed in r80314 (trunk), r80316 (2.6), r80317 (py3k), r80318 (3.1). Thank you! -- resolution: -> fixed stage: -> committed/rejected status: open -> closed ___ Python tracker

[issue8484] ssl socket with certificate verification fails on SHA256 digest algorithm

Martin v. Löwis added the comment: > The patch calls OpenSSL_add_all_algorithms(), though. Ah, ok. The patch looks fine to me, then. -- title: ssl socket with certificate verification fails on SHA256 digest algorithm -> ssl socket with certificate verification fails on SHA256diges

[issue8484] ssl socket with certificate verification fails on SHA256 digest algorithm

Antoine Pitrou added the comment: > "OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are > synonyms for SSL_library_init()" The patch calls OpenSSL_add_all_algorithms(), though. (yes, it's a different one :-)) http://www.openssl.org/docs/crypto/OpenSSL_add_all_algorithms.html

[issue8484] ssl socket with certificate verification fails on SHA256 digest algorithm

Martin v. Löwis added the comment: That patch makes no sense. According to SSL_library_init(3SSL), "OpenSSL_add_ssl_algorithms() and SSLeay_add_ssl_algorithms() are synonyms for SSL_library_init()" So it shouldn't really matter which of these you call, and it should be sufficient to call onl

[issue8484] ssl socket with certificate verification fails on SHA256 digest algorithm

Antoine Pitrou added the comment: After several attempts, I've failed generating a self-signed certificate that would reproduce the issue without relying on an external server. Perhaps there's something else than simply the hashing algorithm. In any case I think I'm simply gonna keep the curr

[issue8484] ssl socket with certificate verification fails on SHA256 digest algorithm

Antoine Pitrou added the comment: Here is a patch. I'm not really happy about the test because it relies on an external test site, and the certificate apparently expires in 2011. -- keywords: +patch Added file: http://bugs.python.org/file17025/algos.patch _

[issue8484] ssl socket with certificate verification fails on SHA256 digest algorithm

Antoine Pitrou added the comment: Changing OpenSSL initialization to the following seems to fix the issue (with OpenSSL 0.9.8k and 1.0.0): /* Init OpenSSL */ SSL_load_error_strings(); SSL_library_init(); #ifdef WITH_THREAD /* note that this will start threading

[issue8484] ssl socket with certificate verification fails on SHA256 digest algorithm

Changes by Antoine Pitrou : -- nosy: +giampaolo.rodola, janssen, pitrou priority: -> normal type: crash -> behavior versions: +Python 2.7, Python 3.1, Python 3.2 ___ Python tracker _

[issue8484] ssl socket with certificate verification fails on SHA256 digest algorithm

Changes by Beda Kosata : Added file: http://bugs.python.org/file17022/chain.pem ___ Python tracker ___ ___ Python-bugs-list mailing list Unsubs

[issue8484] ssl socket with certificate verification fails on SHA256 digest algorithm

New submission from Beda Kosata : When trying a secure connection to an HTTPS server with server certificate verification, I get very strange behaviour when the digest used in the signing certificate is SHA-256 (+RSA). On Windows with Python 2.6.4 or 2.6.5, I consistently get the following erro