Message11541

Author	behackett
Recipients	behackett
Date	2017-08-21.17:28:00
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1503336481.31.0.797124685454.issue2616@psf.upfronthosting.co.za>
In-reply-to

Content
Jython 2.7.1 added constants in the ssl module for supporting CRLs (VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN, etc.). _ssl_certs.py doesn't actually support CRL files. It expects PEM files to start with a line like: '-----BEGIN CERTIFICATE-----' But CRLs begin with: -----BEGIN X509 CRL----- The traceback looks like this: ctx.load_verify_locations(crlfile) File "/opt/python/jython2.7/Lib/ssl.py", line 1169, in load_verify_locations _certs, private_key = _extract_certs_for_paths(cafiles) File "/opt/python/jython2.7/Lib/_sslcerts.py", line 218, in _extract_certs_for_paths _certs, _private_key = _extract_cert_from_data(f, password, key_converter, cert_converter) File "/opt/python/jython2.7/Lib/_sslcerts.py", line 237, in _extract_cert_from_data certs, private_key = _read_pem_cert_from_data(f, password, key_converter, cert_converter) File "/opt/python/jython2.7/Lib/_sslcerts.py", line 253, in _read_pem_cert_from_data for br in _extract_readers(f): File "/opt/python/jython2.7/Lib/_sslcerts.py", line 102, in _extract_readers raise SSLError(SSL_ERROR_SSL, "PEM lib (no start line or not enough data)") SSLError: [Errno 1] PEM lib (no start line or not enough data)

Jython 2.7.1 added constants in the ssl module for supporting CRLs (VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN, etc.). _ssl_certs.py doesn't actually support CRL files. It expects PEM files to start with a line like:

'-----BEGIN CERTIFICATE-----'

But CRLs begin with:

-----BEGIN X509 CRL-----

The traceback looks like this:

    ctx.load_verify_locations(crlfile)
  File "/opt/python/jython2.7/Lib/ssl.py", line 1169, in load_verify_locations
    _certs, private_key = _extract_certs_for_paths(cafiles)
  File "/opt/python/jython2.7/Lib/_sslcerts.py", line 218, in _extract_certs_for_paths
    _certs, _private_key = _extract_cert_from_data(f, password, key_converter, cert_converter)
  File "/opt/python/jython2.7/Lib/_sslcerts.py", line 237, in _extract_cert_from_data
    certs, private_key = _read_pem_cert_from_data(f, password, key_converter, cert_converter)
  File "/opt/python/jython2.7/Lib/_sslcerts.py", line 253, in _read_pem_cert_from_data
    for br in _extract_readers(f):
  File "/opt/python/jython2.7/Lib/_sslcerts.py", line 102, in _extract_readers
    raise SSLError(SSL_ERROR_SSL, "PEM lib (no start line or not enough data)")
SSLError: [Errno 1] PEM lib (no start line or not enough data)

History
Date	User	Action	Args
2017-08-21 17:28:01	behackett	set	recipients: + behackett
2017-08-21 17:28:01	behackett	set	messageid: <1503336481.31.0.797124685454.issue2616@psf.upfronthosting.co.za>
2017-08-21 17:28:01	behackett	link	issue2616 messages
2017-08-21 17:28:00	behackett	create