Martin v. Löwis <mar...@v.loewis.de> added the comment:

I can reproduce this, and it seems to stem from the openssl version used 
(0.9.8l). Running openssl s_client -connect grooveshark.com:443 with 0.9.8l 
gives

CONNECTED(00000003)
depth=3 /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 
Policy Validation 
Authority/CN=http://www.valicert.com//emailAddress=i...@valicert.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
22456:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is 
not 01:rsa_pk1.c:100:
22456:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check 
failed:rsa_eay.c:697:
22456:error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad 
signature:s3_clnt.c:1448:

With 1.0.1c, it gives


CONNECTED(00000003)
depth=3 L = ValiCert Validation Network, O = "ValiCert, Inc.", OU = ValiCert 
Class 2 Policy Validation Authority, CN = http://www.valicert.com/, 
emailAddress = i...@valicert.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/C=US/ST=FL/L=Gainesville/O=Grooveshark/CN=*.grooveshark.com
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, 
Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure 
Certification Authority/serialNumber=07969287
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, 
Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure 
Certification Authority/serialNumber=07969287
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification 
Authority
 2 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification 
Authority
   i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy 
Validation Authority/CN=http://www.valicert.com//emailAddress=i...@valicert.com
 3 s:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy 
Validation Authority/CN=http://www.valicert.com//emailAddress=i...@valicert.com
   i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2 Policy 
Validation Authority/CN=http://www.valicert.com//emailAddress=i...@valicert.com
---
Server certificate
...

i.e. the connection gets established.

The next bug fix release of Python 2.7 will include OpenSSL 0.9.8x, which is 
the latest OpenSSL 0.9.8 bug fix. It still shows the error in connecting, so I 
wonder whether this is a bug that just doesn't get fixed for 0.9.8, or whether 
it's a bug in the server (that 1.0.1 somehow avoids).

----------
nosy: +loewis

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue15082>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to