Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
Strange behavior processing SSL certs between a Windows 11 system running Python 3.13.1 and a Windows 10 system running Python 3.8.5
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Dick Brooks via curl-users <curl-users_at_lists.haxx.se>
Date: Sat, 28 Dec 2024 08:28:16 -0500
Hello Everyone,
I'm Dick Brooks, the lead software engineer at Business Cyber Guardian.
I've encountered some unexpected behavior between two systems using the
exact same piece of code - any ideas why this might be happening:
FROM ROADWARRIOR (Win 11) (shows the signing certificate info)
----> ServerURL : https://pypi.org/project/sag-reader/1.0.4/#files
----> Subject : CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2
----> Issuer : CN=GlobalSign
----> SourceCertificateComplete : [(('Subject', 'C=BE, O=GlobalSign nv-sa,
CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2'), ('Issuer', 'OU=GlobalSign Root
CA - R3, O=GlobalSign, CN=GlobalSign'), ('Version', '2'), ('Serial Number',
'00:80:4e:00:3a:27:2b:c5:18:e3:4d:a4:b1:fc:9b:78:33:'), ('Signature
Algorithm', 'sha256WithRSAEncryption'), ('Start Date', '2024-01-17 03:24:32
GMT'), ('Expire Date', '2026-01-17 00:00:00 GMT')
FROM WARP9 (Win 10) (shows the issued SSL Certificate subject info - the
leaf node)
----> ServerURL : https://pypi.org/project/sag-reader/1.0.4/#files
----> Subject : CN=pypi.org
----> Issuer : CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2
----> SourceCertificateComplete : [(('Subject', 'CN=pypi.org'), ('Issuer',
'C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2'),
('Version', '2'), ('Serial Number',
'01:06:a3:43:b1:24:03:82:30:1a:c9:27:d9:3f:23:4b:'), ('Signature Algorithm',
'sha256WithRSAEncryption'), ('Start Date', '2024-04-23 04:22:05 GMT'),
('Expire Date', '2025-05-25 04:22:04 GMT')
NOTE: I receive the same results on both machines when I run the code
interactively (the win 10 results):
import pycurl, certifi
curl = pycurl.Curl()
curl.setopt(pycurl.CAINFO, certifi.where())
curl.setopt(pycurl.SSL_VERIFYPEER, 1)
curl.setopt(pycurl.SSL_VERIFYHOST, 2)
curl.setopt(pycurl.OPT_CERTINFO, 1)
curl.setopt(pycurl.NOBODY, 1)
#ServerURL="https://pypi.org/project/sag-reader/"
ServerURL="https://softwareassuranceguardian.com/SAG_CTR"
curl.setopt(pycurl.URL, ServerURL) # https://pypi.org/project/sag-reader/
buffer = curl.perform_rb()
ServerCert = curl.getinfo(pycurl.INFO_CERTINFO)
certinfo = ServerCert[0]
print(certinfo)
certinfo_dict = dict()
for entry in certinfo:
certinfo_dict[entry[0]] = entry[1]
print(certinfo_dict[entry[0]])
for item in certinfo_dict['Subject'].split(", "):
Cert_Subject = item
print("ITEM: ", item)
if item.find("=") != -1 :
fieldname =
item.split("=")[0].strip()
fieldvalue = item.split("=")[1]
if fieldname == "CN" :
CN_Name =
fieldvalue
print("CN= ",
CN_Name)
Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council - A Public-Private Partnership
<https://reliableenergyanalytics.com/products> Never trust software, always
verify and report! T
Risk always exists, but trust must be earned and awarded.T
<https://businesscyberguardian.com/> https://businesscyberguardian.com/
Email: dick_at_businesscyberguardian.com
Tel: +1 978-696-1788
Received on 2024-12-28
Date: Sat, 28 Dec 2024 08:28:16 -0500
Hello Everyone,
I'm Dick Brooks, the lead software engineer at Business Cyber Guardian.
I've encountered some unexpected behavior between two systems using the
exact same piece of code - any ideas why this might be happening:
FROM ROADWARRIOR (Win 11) (shows the signing certificate info)
----> ServerURL : https://pypi.org/project/sag-reader/1.0.4/#files
----> Subject : CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2
----> Issuer : CN=GlobalSign
----> SourceCertificateComplete : [(('Subject', 'C=BE, O=GlobalSign nv-sa,
CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2'), ('Issuer', 'OU=GlobalSign Root
CA - R3, O=GlobalSign, CN=GlobalSign'), ('Version', '2'), ('Serial Number',
'00:80:4e:00:3a:27:2b:c5:18:e3:4d:a4:b1:fc:9b:78:33:'), ('Signature
Algorithm', 'sha256WithRSAEncryption'), ('Start Date', '2024-01-17 03:24:32
GMT'), ('Expire Date', '2026-01-17 00:00:00 GMT')
FROM WARP9 (Win 10) (shows the issued SSL Certificate subject info - the
leaf node)
----> ServerURL : https://pypi.org/project/sag-reader/1.0.4/#files
----> Subject : CN=pypi.org
----> Issuer : CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2
----> SourceCertificateComplete : [(('Subject', 'CN=pypi.org'), ('Issuer',
'C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2'),
('Version', '2'), ('Serial Number',
'01:06:a3:43:b1:24:03:82:30:1a:c9:27:d9:3f:23:4b:'), ('Signature Algorithm',
'sha256WithRSAEncryption'), ('Start Date', '2024-04-23 04:22:05 GMT'),
('Expire Date', '2025-05-25 04:22:04 GMT')
NOTE: I receive the same results on both machines when I run the code
interactively (the win 10 results):
import pycurl, certifi
curl = pycurl.Curl()
curl.setopt(pycurl.CAINFO, certifi.where())
curl.setopt(pycurl.SSL_VERIFYPEER, 1)
curl.setopt(pycurl.SSL_VERIFYHOST, 2)
curl.setopt(pycurl.OPT_CERTINFO, 1)
curl.setopt(pycurl.NOBODY, 1)
#ServerURL="https://pypi.org/project/sag-reader/"
ServerURL="https://softwareassuranceguardian.com/SAG_CTR"
curl.setopt(pycurl.URL, ServerURL) # https://pypi.org/project/sag-reader/
buffer = curl.perform_rb()
ServerCert = curl.getinfo(pycurl.INFO_CERTINFO)
certinfo = ServerCert[0]
print(certinfo)
certinfo_dict = dict()
for entry in certinfo:
certinfo_dict[entry[0]] = entry[1]
print(certinfo_dict[entry[0]])
for item in certinfo_dict['Subject'].split(", "):
Cert_Subject = item
print("ITEM: ", item)
if item.find("=") != -1 :
fieldname =
item.split("=")[0].strip()
fieldvalue = item.split("=")[1]
if fieldname == "CN" :
CN_Name =
fieldvalue
print("CN= ",
CN_Name)
Thanks,
Dick Brooks
Active Member of the CISA Critical Manufacturing Sector,
Sector Coordinating Council - A Public-Private Partnership
<https://reliableenergyanalytics.com/products> Never trust software, always
verify and report! T
Risk always exists, but trust must be earned and awarded.T
<https://businesscyberguardian.com/> https://businesscyberguardian.com/
Email: dick_at_businesscyberguardian.com
Tel: +1 978-696-1788
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users Etiquette: https://curl.se/mail/etiquette.html
(image/png attachment: image007.png)
(image/png attachment: image008.png)
(image/png attachment: image009.png)