Woo! Good call me :-) We're hoping to have it released in the next week or two.
Alex On Sun, Oct 1, 2017 at 10:25 AM, Julian Meyer <jul...@meyer-privat.com> wrote: > Hi, > > Just a update. I tested it with cryptography==2.1.dev1 and now it is > working. So it is exactly this issue, as you guessed it. > > Thank you very much. > > Regards, > Julian > > Am 01.10.2017 um 15:54 schrieb Julian Meyer <jul...@meyer-privat.com>: > > Hi Alex, > <asn1parse_cert_not_working.txt> > <asn1parse_cert_working.txt> > Thanks for the fast answer. It seems that you have the right guess. I’ve > attached the Outputs of the openssl command. In comparing the Files I can > see one created with python are UTF8STRING and the one with my other > application are PRINTABLESTRING. > > I try to make a new test with the current git version of cryptography. > > Thanks, > Julian > > Am 01.10.2017 um 15:45 schrieb Alex Gaynor <alex.gay...@gmail.com>: > > Can you point your certificate at `openssl asn1parse` and compare the > string types used in the signature? > > My guess it that the cryptography generated cert will have UTF8String, and > the cert generated by your other software will have PrintableString or some > other string time. > > If yes, good news! This will be fixed in the next cryptography release -- > you can verify this by testing with the version of cryptography in git. > > Alex > > On Sun, Oct 1, 2017 at 9:43 AM, Julian Meyer <jul...@meyer-privat.com> > wrote: > >> Hi, >> >> I woud like to sign a certificate with my internal intermediate (CA) >> certificate. First I thought the issue was caused by the >> AuthorityKeyIdentifier Extension without the authority_cert_issuer and >> authority_cert_serial_number parameters. >> >> But as Paul wrote back and I made a few tests, this isn’t the issue. >> >> Until now, I used a Desktop application called XCA to manage my testing >> certificates. I like to automate this, witch my python program. But the >> Webbrowser don’t accept the created certificates. In Crome I get >> ERR_CERT_AUTHORITY_INVALID as an error message, but if I check this >> certificate with openssl, or by importing it in XCA, all themes alright. >> Yes, the Root Certificate is in the Truststore and the Webserver is >> delivering the Intermediate and server certificate. >> >> I can't locate the issue why the browser can not validate the trust chain >> if the certificate is signed by the cryptography library. >> >> My Software is Open Source and this is the part, where the certificate is >> signed: >> https://github.com/meyju/cert-master/blob/92104e07bc8d909d76 >> 3f3559783e9e3698785dbc/cert_master/certificate.py#L239 >> >> Is the order of the extensions in the certificate imported? This is the >> only difference I can see right now. >> >> Any suggestions or tipps? >> >> Should I send my testing certificates? >> >> Kind regards, >> Julian >> _______________________________________________ >> Cryptography-dev mailing list >> Cryptography-dev@python.org >> https://mail.python.org/mailman/listinfo/cryptography-dev >> > > > > -- > "I disapprove of what you say, but I will defend to the death your right > to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) > "The people's good is the highest law." -- Cicero > GPG Key fingerprint: D1B3 ADC0 E023 8CA6 > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev@python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > > > > > _______________________________________________ > Cryptography-dev mailing list > Cryptography-dev@python.org > https://mail.python.org/mailman/listinfo/cryptography-dev > > -- "I disapprove of what you say, but I will defend to the death your right to say it." -- Evelyn Beatrice Hall (summarizing Voltaire) "The people's good is the highest law." -- Cicero GPG Key fingerprint: D1B3 ADC0 E023 8CA6
_______________________________________________ Cryptography-dev mailing list Cryptography-dev@python.org https://mail.python.org/mailman/listinfo/cryptography-dev
