openssl 0.9.5a and python 1.6a2
Martin Carpenter
mcarpenter at free.fr
Fri Jul 14 11:04:27 EDT 2000
falk.lehmann at gmx.net wrote:
> I build python 1.6a2 and included the SSL support. I am using the
> openssl library 0.9.5a on a NT box.
[snip]
> But the proxy replies with an error message:
[snip]
> The requested item could not be loaded by the proxy.<P>
> The certificate issuer for this server is not recognized by
> Netscape. The security certificate may or may not be valid.
[snip]
> It seems that some certificate is missing. How do I make openssl aware
> of the certificates delivered with the distribution? Or is the error
> somewhere else?
Sounds suspiciously like it's the *proxy* that doesn't recognise the CA
that signed cardfile.com's certificate. So:
(a) Can you access this site using a standard browser and the same
proxy? This would eliminate the proxy from the equation.
(b) What certificate does cardfile.com present? Who is the issuer?
(Trying, for example going to that site and then examing the security
properies of that page with your browser - the "padlock" icon in
Navigator, for example). [I'm offline at the moment].
(c) I've not been around OpenSSL for a while (0.7 was the last I
tinkered with, I think), but the standard issuer certificates didn't
used to be "built in". It was up to the application developer to provide
the code to verify the validity of any certificate presented. Therefore,
your application *should* contain copies of all the issuer certificates
for the CAs that you wish to support. (Navigator 4.73, NT4.0, contains
70 or so of these "signer" certificates!).
Martin.
More information about the Python-list
mailing list