[issue35665] Function ssl.create_default_context raises exception on Windows 10 when called with ssl.Purpose.SERVER_AUTH) attribute
Christian Heimes
report at bugs.python.org
Mon Jan 7 14:53:42 EST 2019
Christian Heimes <lists at cheimes.de> added the comment:
Your Windows cert store contains multiple invalid certificates. The first failing certificate is the custom "MUPCA Root", which looks like a certificate from http://ca.mup.gov.rs/sertifikati.html. The serial number seems to be badly formatted or padded. There is nothing we can do about erroneous and bad certificates.
$ openssl x509 -in ca.pem
unable to load certificate
140613019477824:error:0D0E20DD:asn1 encoding routines:c2i_ibuf:illegal padding:crypto/asn1/a_int.c:187:
140613019477824:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:627:Field=serialNumber, Type=X509_CINF
140613019477824:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:627:Field=cert_info, Type=X509
140613019477824:error:0906700D:PEM routines:PEM_ASN1_read_bio:ASN1 lib:crypto/pem/pem_oth.c:33:
$ openssl asn1parse -in ca.pem
0:d=0 hl=4 l=1300 cons: SEQUENCE
4:d=1 hl=4 l= 764 cons: SEQUENCE
8:d=2 hl=2 l= 3 cons: cont [ 0 ]
10:d=3 hl=2 l= 1 prim: INTEGER :02
13:d=2 hl=2 l= 4 prim: INTEGER :BAD INTEGER:[00000066]
19:d=2 hl=2 l= 13 cons: SEQUENCE
21:d=3 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption
32:d=3 hl=2 l= 0 prim: NULL
34:d=2 hl=2 l= 83 cons: SEQUENCE
36:d=3 hl=2 l= 19 cons: SET
38:d=4 hl=2 l= 17 cons: SEQUENCE
40:d=5 hl=2 l= 3 prim: OBJECT :commonName
45:d=5 hl=2 l= 10 prim: UTF8STRING :MUPCA Root
57:d=3 hl=2 l= 29 cons: SET
59:d=4 hl=2 l= 27 cons: SEQUENCE
61:d=5 hl=2 l= 3 prim: OBJECT :organizationName
66:d=5 hl=2 l= 20 prim: UTF8STRING :MUP Republike Srbije
88:d=3 hl=2 l= 16 cons: SET
90:d=4 hl=2 l= 14 cons: SEQUENCE
92:d=5 hl=2 l= 3 prim: OBJECT :localityName
97:d=5 hl=2 l= 7 prim: UTF8STRING :Beograd
106:d=3 hl=2 l= 11 cons: SET
108:d=4 hl=2 l= 9 cons: SEQUENCE
110:d=5 hl=2 l= 3 prim: OBJECT :countryName
115:d=5 hl=2 l= 2 prim: PRINTABLESTRING :RS
119:d=2 hl=2 l= 30 cons: SEQUENCE
121:d=3 hl=2 l= 13 prim: UTCTIME :100227161918Z
136:d=3 hl=2 l= 13 prim: UTCTIME :200227161918Z
...
$ wget http://ca.mup.gov.rs/MUPCARoot.crt
$ openssl x509 -in MUPCARoot.crt -inform DER
unable to load certificate
140699773712192:error:0D0E20DD:asn1 encoding routines:c2i_ibuf:illegal padding:crypto/asn1/a_int.c:187:
140699773712192:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:627:Field=serialNumber, Type=X509_CINF
140699773712192:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:crypto/asn1/tasn_dec.c:627:Field=cert_info, Type=X509
----------
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue35665>
_______________________________________
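
Added example, not part of the original message and not CPython or OpenSSL code: a minimal DER walk in Python that applies the minimal-encoding rule behind the "illegal padding" error to a certificate's serialNumber. The function names and the skeleton certificate are constructed for illustration; the serial bytes 00 00 00 66 are the ones shown in the asn1parse output above.

```python
"""Check an X.509 serialNumber for non-minimal DER INTEGER encoding."""

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER TLV at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def integer_padding_error(content):
    """DER requires the shortest two's-complement form of an INTEGER."""
    if not content:
        return "empty INTEGER"
    if len(content) > 1 and content[0] in (0x00, 0xFF) \
            and (content[0] & 0x80) == (content[1] & 0x80):
        return "illegal padding: redundant leading 0x%02X" % content[0]
    return None

def serial_padding_error(der):
    """Walk Certificate -> tbsCertificate -> optional [0] version -> serialNumber."""
    tag, start, _ = read_tlv(der, 0)             # Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, start, _ = read_tlv(der, start)         # tbsCertificate SEQUENCE
    if tag != 0x30:
        raise ValueError("tbsCertificate SEQUENCE not found")
    tag, c_start, c_end = read_tlv(der, start)
    if tag == 0xA0:                              # explicit [0] version: skip it
        tag, c_start, c_end = read_tlv(der, c_end)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    return integer_padding_error(der[c_start:c_end])

def tlv(tag, content):
    """Encode one DER TLV (used only to build the constructed samples)."""
    n = len(content)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

def sample_cert(serial_bytes):
    """Constructed skeleton: version and serialNumber only, not a full certificate."""
    version = tlv(0xA0, tlv(0x02, b"\x02"))
    return tlv(0x30, tlv(0x30, version + tlv(0x02, serial_bytes)))

if __name__ == "__main__":
    print(serial_padding_error(sample_cert(bytes.fromhex("00000066"))))
```

For a PEM file such as ca.pem, convert it first with ssl.PEM_cert_to_DER_cert(), which only base64-decodes the body and does not parse the ASN.1.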