Message 385102 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	christian.heimes, miss-islington, ned.deily, paul.moore, ronaldoussoren, squear, steve.dower, tim.golden, zach.ware
Date	2021-01-15.08:55:17
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1610700918.24.0.693506638461.issue41837@roundup.psfhosted.org>
In-reply-to

Content
I got bad news. OpenSSL 1.1.1i introduced a regression in cert validation. This affects some cases that involve self-signed certificates. Cert validation fails if a self-signed certificate is used as both a trust anchor (root CA) and EE cert. This may affect Python. Would it be possible to rebuild our OpenSSL binaries with patch https://github.com/openssl/openssl/pull/13749 ?

I got bad news. OpenSSL 1.1.1i introduced a regression in cert validation. This affects some cases that involve self-signed certificates. Cert validation fails if a self-signed certificate is used as both a trust anchor (root CA) and EE cert. This may affect Python.

Would it be possible to rebuild our OpenSSL binaries with patch https://github.com/openssl/openssl/pull/13749 ?

History
Date	User	Action	Args
2021-01-15 08:55:18	christian.heimes	set	recipients: + christian.heimes, paul.moore, ronaldoussoren, tim.golden, ned.deily, zach.ware, steve.dower, miss-islington, squear
2021-01-15 08:55:18	christian.heimes	set	messageid: <1610700918.24.0.693506638461.issue41837@roundup.psfhosted.org>
2021-01-15 08:55:18	christian.heimes	link	issue41837 messages
2021-01-15 08:55:17	christian.heimes	create