Issue2616

classification
Title: Incomplete / broken support for Certificate Revocation Lists
Type: Severity: normal
Components: Library Versions: Jython 2.7
Milestone: Jython 2.7.2
process
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: amak, behackett
Priority: Keywords:

Created on 2017-08-21.17:28:01 by behackett, last changed 2017-09-05.18:50:46 by zyasoft.

Messages
msg11541 (view) Author: Bernie Hackett (behackett) Date: 2017-08-21.17:28:00
Jython 2.7.1 added constants in the ssl module for supporting CRLs (VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN, etc.). _ssl_certs.py doesn't actually support CRL files. It expects PEM files to start with a line like:

'-----BEGIN CERTIFICATE-----'

But CRLs begin with:

-----BEGIN X509 CRL-----

The traceback looks like this:

    ctx.load_verify_locations(crlfile)
  File "/opt/python/jython2.7/Lib/ssl.py", line 1169, in load_verify_locations
    _certs, private_key = _extract_certs_for_paths(cafiles)
  File "/opt/python/jython2.7/Lib/_sslcerts.py", line 218, in _extract_certs_for_paths
    _certs, _private_key = _extract_cert_from_data(f, password, key_converter, cert_converter)
  File "/opt/python/jython2.7/Lib/_sslcerts.py", line 237, in _extract_cert_from_data
    certs, private_key = _read_pem_cert_from_data(f, password, key_converter, cert_converter)
  File "/opt/python/jython2.7/Lib/_sslcerts.py", line 253, in _read_pem_cert_from_data
    for br in _extract_readers(f):
  File "/opt/python/jython2.7/Lib/_sslcerts.py", line 102, in _extract_readers
    raise SSLError(SSL_ERROR_SSL, "PEM lib (no start line or not enough data)")
SSLError: [Errno 1] PEM lib (no start line or not enough data)
History
Date User Action Args
2017-09-05 18:50:46zyasoftsetmilestone: Jython 2.7.2
2017-08-25 16:38:05amaksetnosy: + amak
2017-08-21 17:28:01behackettcreate