Download
Browse source Changelog tiny-curl
Documentation
Project   Bug Bounty FAQ   Help us   Known bugs   TODO Protocols   CA bundle   HTTP Cookies   SSL Certs Releases   Security   Version numbers   Vulnerabilities curl tool   man page   Tutorial   HTTP scripting trurl wcurl Videos Who and Why
libcurl
API Examples Features Mailing list Symbols Using libcurl Tutorial
Get Help
curl-library curl-users IRC / chat Mailing lists Everything curl [book] Video presentations Report a bug Paid support
Development
Autobuilds Code review Code style Contribute Dashboard Deprecate Internals Release Notes Release Procedure Roadmap Run Tests Specifications Test curl Tests Overview Vulnerability Disclosure Policy
News
Changelog Release table
curl / Mailing Lists / curl-users / Single Mail
Buy commercial curl support. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder Daniel himself.

Re: Strange behavior processing SSL certs between a Windows 11 system running Python 3.13.1 and a Windows 10 system running Python 3.8.5

From: Ray Satiro via curl-users <curl-users_at_lists.haxx.se>
Date: Sat, 28 Dec 2024 16:01:54 -0500

On 12/28/2024 8:28 AM, Dick Brooks via curl-users wrote:
>
> I’ve encountered some unexpected behavior between two systems using
> the exact same piece of code – any ideas why this might be happening:
>
> FROM ROADWARRIOR (Win 11) (shows the signing certificate info)
>
> ----> ServerURL : https://pypi.org/project/sag-reader/1.0.4/#files
>
> ----> Subject :  CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2
>
> ----> Issuer :  CN=GlobalSign
>
> ----> SourceCertificateComplete : [(('Subject', 'C=BE, O=GlobalSign
> nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2'), ('Issuer',
> 'OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign'),
> ('Version', '2'), ('Serial Number',
> '00:80:4e:00:3a:27:2b:c5:18:e3:4d:a4:b1:fc:9b:78:33:'), ('Signature
> Algorithm', 'sha256WithRSAEncryption'), ('Start Date', '2024-01-17
> 03:24:32 GMT'), ('Expire Date', '2026-01-17 00:00:00 GMT')
>
> FROM WARP9 (Win 10) (shows the issued SSL Certificate subject info –
> the leaf node)
>
> ----> ServerURL : https://pypi.org/project/sag-reader/1.0.4/#files
>
> ----> Subject :  CN=pypi.org
>
> ----> Issuer :  CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2
>
> ----> SourceCertificateComplete : [(('Subject', 'CN=pypi.org'),
> ('Issuer', 'C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA
> 2024 Q2'), ('Version', '2'), ('Serial Number',
> '01:06:a3:43:b1:24:03:82:30:1a:c9:27:d9:3f:23:4b:'), ('Signature
> Algorithm', 'sha256WithRSAEncryption'), ('Start Date', '2024-04-23
> 04:22:05 GMT'), ('Expire Date', '2025-05-25 04:22:04 GMT')
>
> NOTE: I receive the same results on both machines when I run the code
> interactively
>

That server sends 2 certificates. An end certificate and an
intermediate. One of your results shows the end certificate and one
shows the intermediate certificate.

It's possible that different versions of libcurl are being used and
sorted the certificates differently. Last year a bug was fixed in
libcurl with schannel because it sorted the certificates in the wrong
order. [1] The first version with the fix is 8.3.0.

Or there's a different bug or there is something is wrong with your
python code.


[1]: https://github.com/curl/curl/pull/11632 



-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-users
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2024-12-28