Issue 8086: ssl.get_server_certificate new line missing

Created on 2010-03-07 17:56 by offero, last changed 2022-04-11 14:56 by admin. This issue is now closed.

Files
File name: python-ssl-PEM_FOOTER.patch
Uploaded: kylev, 2010-03-27 01:22
Description: Add PEM footer newline, test both header and footer
Messages (6)
msg100595 - (view) Author: Chris (offero) Date: 2010-03-07 17:56
I'm using ssl.get_server_certificate function. It returns a pem string. For each server I try, I get the string, but it is missing a newline "\n" before the -----END CERTIFICATE----- text. Any subsequent use of the string makes openssl throw up with a "bad end line" error. ssl.PEM_cert_to_DER_cert can be used, and, subsequently the der string can be used elsewhere.

Example:

>>> fncert = ssl.get_server_certificate(("freenode.net", 443), 3)
>>> fncert
'-----BEGIN CERTIFICATE-----\nMIICFTCCAX6gAwIBAgIBAjANBgkqhkiG9w0BAQUFADBVMRswGQYDVQQKExJBcGFj\naGUgSFRUUCBTZXJ2ZXIxIjAgBgNVBAsTGUZvciB0ZXN0aW5nIHB1cnBvc2VzIG9u\nbHkxEjAQBgNVBAMTCWxvY2FsaG9zdDAeFw0wNzA1MDkxODM2MjVaFw0wODA1MDgx\nODM2MjVaMEwxGzAZBgNVBAoTEkFwYWNoZSBIVFRQIFNlcnZlcjEZMBcGA1UECxMQ\nVGVzdCBDZXJ0aWZpY2F0ZTESMBAGA1UEAxMJbG9jYWxob3N0MIGfMA0GCSqGSIb3\nDQEBAQUAA4GNADCBiQKBgQDYqJO6X9uwU0AyJ6H1WgYCZOqpZvdI96/LaDumT4Tl\nD6QvmXzAbM4okSHU3FEuSqR/tNv+eT5IZJKHVsXh0CiDduIYkLdqkLhEAbixjX/1\nfdCtGL4X0l42LqhK4TMFT5AxxsP1qFDXDvzl/yjxo9juVuZhCeqFr1YDKBffCIAn\ncwIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAG0zi/KyzHxSsLHfrwTFh9330TaGj/3H\nuvhmBUPC3FOxbIH2y5CG/Ddg46756cfaxKKiqJV3I4dAgatQybE65ELc3wOWgs4v\n4VDGsFKbkmBLuCgnFaY+p4xvr2XL+bJmpm8+IQqW5Ob/OUSl7Vj4btHhF6VK29CI\n+DexDLRI0KqZ-----END CERTIFICATE-----\n'

Notice no "\n" before -----END CERTIFICATE-----\n

Platform: Linux x64 python 2.6.4
msg100597 - (view) Author: Chris (offero) Date: 2010-03-07 18:17
Did some more research and found this as the culprit:

in Lib/ssl.py
#############################
...
def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
    ...
    return DER_cert_to_PEM_cert(dercert)

def DER_cert_to_PEM_cert(der_cert_bytes):
    """Takes a certificate in binary DER format and returns the
    PEM version of it as a string."""

    if hasattr(base64, 'standard_b64encode'):
        # preferred because older API gets line-length wrong
        f = base64.standard_b64encode(der_cert_bytes)
        return (PEM_HEADER + '\n' +
                textwrap.fill(f, 64) +
                PEM_FOOTER + '\n')
    else:
        return (PEM_HEADER + '\n' +
                base64.encodestring(der_cert_bytes) +
                PEM_FOOTER + '\n')
############################

Notice no '\n' before the PEM_FOOTER
msg100599 - (view) Author: R. David Murray (r.david.murray) * (Python committer) Date: 2010-03-07 18:27
I think that's because encodestring tacks a 'courtesy newline' on to the end of the output it returns. textwrap.fill doesn't, and I'm guessing that's the code path that your installation is taking.
msg101817 - (view) Author: Kyle VanderBeek (kylev) Date: 2010-03-27 01:25
Forgot to note that my patch is against 2.7 current trunk.
msg104366 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-04-27 21:37
This looks reasonable enough.
msg104374 - (view) Author: Antoine Pitrou (pitrou) * (Python committer) Date: 2010-04-27 22:10
Fixed in r80557 (trunk) and r80558 (2.6). 3.1 and 3.2 weren't affected, but I still merged in the additional tests. Thank you!
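The framing bug discussed in this thread, reproduced as an added example (not code from the tracker, the attached patch, or CPython). It is written for Python 3, the function names are hypothetical, the "fixed" variant is an assumed form of the fix, and SAMPLE_DER is constructed bytes standing in for a DER certificate. It shows a strict framing check rejecting the output that Python's own lenient decoder still accepts.

```python
import base64
import re
import ssl
import textwrap

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"

# Constructed sample: arbitrary bytes standing in for DER; only framing matters.
SAMPLE_DER = bytes(range(256)) * 2


def der_to_pem_buggy(der):
    """Same shape as the textwrap.fill path quoted in msg100597."""
    b64 = base64.standard_b64encode(der).decode("ascii")
    # textwrap.fill() does not end its output with "\n", so the footer
    # is glued onto the last base64 line.
    return PEM_HEADER + "\n" + textwrap.fill(b64, 64) + PEM_FOOTER + "\n"


def der_to_pem_fixed(der):
    """Assumed fix: explicit newline before the footer."""
    b64 = base64.standard_b64encode(der).decode("ascii")
    return PEM_HEADER + "\n" + textwrap.fill(b64, 64) + "\n" + PEM_FOOTER + "\n"


def pem_framing_ok(pem):
    """Strict check: header and footer each on their own line, and every
    body line is 1-64 base64 characters."""
    lines = pem.split("\n")
    if len(lines) < 4 or lines[-1] != "":
        return False
    if lines[0] != PEM_HEADER or lines[-2] != PEM_FOOTER:
        return False
    return all(len(l) <= 64 and re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", l)
               for l in lines[1:-2])


def repair_pem(pem):
    """Insert the missing newline when the footer does not start a line."""
    return re.sub(r"(?<!\n)" + re.escape(PEM_FOOTER), "\n" + PEM_FOOTER, pem)


def lenient_decode(pem):
    """ssl.PEM_cert_to_DER_cert strips the markers and ignores line layout."""
    return ssl.PEM_cert_to_DER_cert(pem)
```

Running pem_framing_ok over stored or generated PEM text flags any certificate produced by an affected interpreter, and repair_pem normalizes it before it is handed to a stricter parser.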
History
Date User Action Args
2022-04-11 14:56:58 admin set github: 52333
2010-04-27 22:10:04 pitrou set status: open -> closed; resolution: fixed; messages: +; stage: patch review -> resolved
2010-04-27 21:37:46 pitrou set nosy: + pitrou; messages: +; stage: test needed -> patch review
2010-03-27 01:25:14 kylev set nosy: + kylev; messages: +
2010-03-27 01:22:30 kylev set files: + python-ssl-PEM_FOOTER.patch; keywords: + patch
2010-03-07 18:30:48 r.david.murray set nosy: + janssen
2010-03-07 18:27:20 r.david.murray set versions: + Python 3.1, Python 2.7, Python 3.2
2010-03-07 18:27:06 r.david.murray set priority: normal; components: + Library (Lib); keywords: + easy; nosy: + r.david.murray; messages: +; stage: test needed
2010-03-07 18:17:50 offero set messages: +
2010-03-07 17:56:27 offero create