[issue36816] self-signed.pythontest.net TLS certificate key is too weak
Chih-Hsuan Yen
report at bugs.python.org
Tue May 21 08:12:20 EDT 2019
Chih-Hsuan Yen <yan12125 at gmail.com> added the comment:
Hi Michael Felt,
> And, what it looks like you are trying to do with an updated 'signing" .pem is to remove the 'self-signed' charasteric.
If I understand it correctly, the new certificate is indeed still self-signed. It's updated to match the certificate deployed at https://self-signed.pythontest.net/. Under the hood load_verify_locations() at line 1628 is used to make the test accept any valid certificate signed with the given certificate.
As a record, with CPython e7cb23bf2079087068a08502f96fdf20b317d69c and OpenSSL 1.1.1b on Arch Linux x86_64, the test is green:
test_networked_good_cert (test.test_httplib.HTTPSTest) ... ok
By the way, I believe the "key too weak" workaround can be removed now and then this issue can be closed.
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue36816>
_______________________________________
More information about the Python-bugs-list
mailing list