Title: Incomplete / broken support for Certificate Revocation Lists
Type: Severity: normal
Components: Library Versions: Jython 2.7
Status: open Resolution:
Dependencies: Superseder:
Assigned To: Nosy List: amak, behackett
Priority: normal Keywords:

Created on 2017-08-21.17:28:01 by behackett, last changed 2018-03-24.07:41:12 by jeff.allen.

msg11541 (view) Author: Bernie Hackett (behackett) Date: 2017-08-21.17:28:00
Jython 2.7.1 added constants in the ssl module for supporting CRLs (VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN, etc.). doesn't actually support CRL files. It expects PEM files to start with a line like:


But CRLs begin with:

-----BEGIN X509 CRL-----

The traceback looks like this:

  File "/opt/python/jython2.7/Lib/", line 1169, in load_verify_locations
    _certs, private_key = _extract_certs_for_paths(cafiles)
  File "/opt/python/jython2.7/Lib/", line 218, in _extract_certs_for_paths
    _certs, _private_key = _extract_cert_from_data(f, password, key_converter, cert_converter)
  File "/opt/python/jython2.7/Lib/", line 237, in _extract_cert_from_data
    certs, private_key = _read_pem_cert_from_data(f, password, key_converter, cert_converter)
  File "/opt/python/jython2.7/Lib/", line 253, in _read_pem_cert_from_data
    for br in _extract_readers(f):
  File "/opt/python/jython2.7/Lib/", line 102, in _extract_readers
    raise SSLError(SSL_ERROR_SSL, "PEM lib (no start line or not enough data)")
SSLError: [Errno 1] PEM lib (no start line or not enough data)
Date User Action Args
2018-03-24 07:41:12jeff.allensetpriority: normal
milestone: Jython 2.7.2 ->
2017-09-05 18:50:46zyasoftsetmilestone: Jython 2.7.2
2017-08-25 16:38:05amaksetnosy: + amak
2017-08-21 17:28:01behackettcreate