[issue23476] SSL cert verify fail for "www.verisign.com"
Christian Heimes
report at bugs.python.org
Tue Feb 24 17:02:00 CET 2015
Christian Heimes added the comment:
John, neither Python nor OpenSSL are shipped with certificates.
Python uses certificates from operating system. We decided against our own certificate store because we wanted to avoid exactly this kind of trouble. If Python can't verify a certificate then you have to update the certificate storage of your OS.
On Linux and BSD Python, curl, wget and most other system tools use the OS's cert store. On Windows Python uses the same store as the IE, Chrome and other apps. Contrary to IE Python doesn't enforce cert store updates.
You can reproduce the problem with curl, too. The first call uses the OS' store, the second overwrite the default store.
$ curl https://www.verisign.com
$ SSL_CERT_DIR=/tmp SSL_CERT_FILE=/tmp curl https://www.verisign.com
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue23476>
_______________________________________
More information about the Python-bugs-list
mailing list