Issue2616

classification
Title: Incomplete / broken support for Certificate Revocation Lists
Type:
Severity: normal
Components: Library
Versions: Jython 2.7
Milestone:
process
Status: open
Resolution:
Dependencies:
Superseder:
Assigned To:
Nosy List: amak, behackett
Priority: normal
Keywords:

Created on 2017-08-21.17:28:01 by behackett, last changed 2018-03-24.07:41:12 by jeff.allen.

Messages
msg11541 Author: Bernie Hackett (behackett) Date: 2017-08-21.17:28:00
Jython 2.7.1 added constants in the ssl module for supporting CRLs (VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN, etc.). _ssl_certs.py doesn't actually support CRL files. It expects PEM files to start with a line like:

'-----BEGIN CERTIFICATE-----'

But CRLs begin with:

-----BEGIN X509 CRL-----

The traceback looks like this:

    ctx.load_verify_locations(crlfile)
  File "/opt/python/jython2.7/Lib/ssl.py", line 1169, in load_verify_locations
    _certs, private_key = _extract_certs_for_paths(cafiles)
  File "/opt/python/jython2.7/Lib/_sslcerts.py", line 218, in _extract_certs_for_paths
    _certs, _private_key = _extract_cert_from_data(f, password, key_converter, cert_converter)
  File "/opt/python/jython2.7/Lib/_sslcerts.py", line 237, in _extract_cert_from_data
    certs, private_key = _read_pem_cert_from_data(f, password, key_converter, cert_converter)
  File "/opt/python/jython2.7/Lib/_sslcerts.py", line 253, in _read_pem_cert_from_data
    for br in _extract_readers(f):
  File "/opt/python/jython2.7/Lib/_sslcerts.py", line 102, in _extract_readers
    raise SSLError(SSL_ERROR_SSL, "PEM lib (no start line or not enough data)")
SSLError: [Errno 1] PEM lib (no start line or not enough data)
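
The label mismatch reported above, as an added example (not code from Jython or from the reporter): a PEM splitter that sorts blocks by their BEGIN label, so an `X509 CRL` block is collected as a CRL instead of being rejected for lacking a `CERTIFICATE` start line. The names `split_pem`, `make_pem`, `KINDS` and the sample bytes are hypothetical, and the code is written for CPython 3.

```python
import base64
import re

# PEM blocks are delimited by "-----BEGIN <label>-----" / "-----END <label>-----".
_PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

# Labels relevant to load_verify_locations-style input, mapped to a bucket.
KINDS = {"CERTIFICATE": "certs", "X509 CRL": "crls"}


def split_pem(text):
    """Sort the PEM blocks in `text` into DER certificates and DER CRLs.

    Blocks with other labels (e.g. private keys) are skipped. Raises
    ValueError when nothing usable is found or a block body is malformed.
    """
    found = {"certs": [], "crls": []}
    for label, body in _PEM_BLOCK.findall(text):
        kind = KINDS.get(label)
        if kind is None:
            continue
        # validate=True rejects non-base64 characters instead of dropping them.
        der = base64.b64decode("".join(body.split()), validate=True)
        # Certificate and CertificateList are both ASN.1 SEQUENCEs (tag 0x30).
        if der[:1] != b"\x30":
            raise ValueError("%s block does not contain a DER SEQUENCE" % label)
        found[kind].append(der)
    if not found["certs"] and not found["crls"]:
        raise ValueError("no CERTIFICATE or X509 CRL block found")
    return found


def make_pem(label, der):
    """Wrap DER bytes in PEM armour (helper for the constructed sample)."""
    b64 = base64.b64encode(der).decode("ascii")
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)


# Constructed sample: placeholder bytes, not a real certificate or CRL.
FAKE_CERT = b"\x30\x03\x02\x01\x01"
FAKE_CRL = b"\x30\x03\x02\x01\x02"
SAMPLE = make_pem("CERTIFICATE", FAKE_CERT) + make_pem("X509 CRL", FAKE_CRL)

if __name__ == "__main__":
    parsed = split_pem(SAMPLE)
    print(len(parsed["certs"]), "certificate(s),", len(parsed["crls"]), "CRL(s)")
```
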
History
Date                 User        Action  Args
2018-03-24 07:41:12  jeff.allen  set     priority: normal; milestone: Jython 2.7.2 ->
2017-09-05 18:50:46  zyasoft     set     milestone: Jython 2.7.2
2017-08-25 16:38:05  amak        set     nosy: + amak
2017-08-21 17:28:01  behackett   create