From: <ex...@tw...> - 2010-02-26 16:26:48
On 12:04 pm, ma...@eg... wrote:
>M.-A. Lemburg wrote:
>>OpenSSL just released version 0.9.8m where they changed the
>>SSL renegotiation scheme to now follow RFC 5746 instead of
>>just disabling it completely:
>>
>> http://tools.ietf.org/html/rfc5746
>>
>>pyOpenSSL compiles against the new version without problems,
>>but one of the unit tests fails on Linux x64 (and perhaps
>>other platforms as well):
>>>python OpenSSL/test/test_ssl.py
>>.......E....
>>======================================================================
>>ERROR: test_set_default_verify_paths (__main__.ContextTests)
>>----------------------------------------------------------------------
>>Traceback (most recent call last):
>> File "OpenSSL/test/test_ssl.py", line 253, in
>>test_set_default_verify_paths
>> clientSSL.do_handshake()
>>Error: [('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate
>>verify failed')]
>>
>>----------------------------------------------------------------------
>>Ran 12 tests in 0.660s
>>
>>FAILED (errors=1)
>>
>>The test connects to https://verisign.com/
>>I've tried a few other sites as well, but always get the same
>>error.
>
>I tried the same on Linux x86 with the same results.
>
>I then also checked pyOpenSSL 0.9.0 with OpenSSL 0.9.8l
>and again get the same results.
>
>Perhaps there's something wrong with my test setup ? I've
>done the tests on two different machines.

This test depends on OpenSSL having been built so that it has access to the platform-provided CA certificate database. It sounds like your builds weren't done this way. I've never actually built OpenSSL this way myself, and I have very little idea what is involved in doing so. I know that Ubuntu's OpenSSL builds have this enabled, but as far as I know none of the other widely used builds for other platforms do (I've looked at OS X and Windows and they don't, I'm not sure about other Linux distros).

Unfortunately I don't have much more info than that about the feature, so I can't make any suggestions about how to check to see if this is really the problem, or how to change the build in order to fix it.

Jean-Paul
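
Added example (not part of the original message, and not pyOpenSSL code): one way to check whether an OpenSSL build can find any CA certificates at its compiled-in default locations, which is what set_default_verify_paths() relies on. It assumes Python 3 and that the standard ssl module is linked against the same OpenSSL library as pyOpenSSL; the function names diagnose and diagnose_default_paths are hypothetical.

```python
import os
import re
import ssl

# OpenSSL finds CA certificates in a directory by subject-hash file names
# such as "2e5ac55d.0" (the layout produced by c_rehash).
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")


def diagnose(cafile, capath):
    """Report whether a CA bundle file or a hashed CA directory is usable."""
    file_ok = bool(cafile) and os.path.isfile(cafile) and os.path.getsize(cafile) > 0
    hashed = 0
    if capath and os.path.isdir(capath):
        hashed = sum(1 for name in os.listdir(capath) if HASHED_NAME.match(name))
    return {
        "cafile": cafile,
        "cafile_usable": file_ok,
        "capath": capath,
        "capath_hashed_entries": hashed,
        "has_trust_anchors": file_ok or hashed > 0,
    }


def diagnose_default_paths():
    """Check the default locations of the OpenSSL used by Python's ssl module."""
    paths = ssl.get_default_verify_paths()
    # The SSL_CERT_FILE / SSL_CERT_DIR environment variables override the
    # compiled-in locations, so honour them the way OpenSSL does.
    cafile = os.environ.get(paths.openssl_cafile_env, paths.openssl_cafile)
    capath = os.environ.get(paths.openssl_capath_env, paths.openssl_capath)
    return diagnose(cafile, capath)


if __name__ == "__main__":
    report = diagnose_default_paths()
    for key, value in report.items():
        print(f"{key}: {value}")
    if not report["has_trust_anchors"]:
        print("No CA certificates found at the default locations: loading the "
              "default verify paths adds no trust anchors, so verification fails.")
```

If has_trust_anchors is False, a "certificate verify failed" error after set_default_verify_paths() points at the build or installation rather than at the remote site's certificate.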