On Sat, Dec 28, 2024 at 8:34 AM Dick Brooks via curl-users <curl-users@lists.haxx.se> wrote:
> *[...]*
>
> I’ve encountered some unexpected behavior between two systems using the
> exact same piece of code – any ideas why this might be happening:
>
> FROM ROADWARRIOR (Win 11) (shows the signing certificate info)
>
> ----> ServerURL : https://pypi.org/project/sag-reader/1.0.4/#files
> ----> Subject : CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2
> ----> Issuer : CN=GlobalSign
> ----> SourceCertificateComplete : [(('Subject', 'C=BE, O=GlobalSign
> nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2'), ('Issuer',
> 'OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign'), ('Version',
> '2'), ('Serial Number',
> '00:80:4e:00:3a:27:2b:c5:18:e3:4d:a4:b1:fc:9b:78:33:'), ('Signature
> Algorithm', 'sha256WithRSAEncryption'), ('Start Date', '2024-01-17 03:24:32
> GMT'), ('Expire Date', '2026-01-17 00:00:00 GMT')
>
> FROM WARP9 (Win 10) (shows the issued SSL Certificate subject info – the
> leaf node)
>
> ----> ServerURL : https://pypi.org/project/sag-reader/1.0.4/#files
> ----> Subject : CN=pypi.org
> ----> Issuer : CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2
> ----> SourceCertificateComplete : [(('Subject', 'CN=pypi.org'),
> ('Issuer', 'C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2024
> Q2'), ('Version', '2'), ('Serial Number',
> '01:06:a3:43:b1:24:03:82:30:1a:c9:27:d9:3f:23:4b:'), ('Signature
> Algorithm', 'sha256WithRSAEncryption'), ('Start Date', '2024-04-23 04:22:05
> GMT'), ('Expire Date', '2025-05-25 04:22:04 GMT')
>
> NOTE: I receive the same results on both machines when I run the code
> interactively (the win 10 results):
>
> import pycurl, certifi
> curl = pycurl.Curl()
> curl.setopt(pycurl.CAINFO, certifi.where())
> curl.setopt(pycurl.SSL_VERIFYPEER, 1)
> curl.setopt(pycurl.SSL_VERIFYHOST, 2)
> curl.setopt(pycurl.OPT_CERTINFO, 1)
> curl.setopt(pycurl.NOBODY, 1)
> #ServerURL="https://pypi.org/project/sag-reader/"
> ServerURL="https://softwareassuranceguardian.com/SAG_CTR"
> curl.setopt(pycurl.URL, ServerURL) # https://pypi.org/project/sag-reader/
> buffer = curl.perform_rb()
> ServerCert = curl.getinfo(pycurl.INFO_CERTINFO)
> certinfo = ServerCert[0]
> print(certinfo)
> certinfo_dict = dict()
> for entry in certinfo:
>     certinfo_dict[entry[0]] = entry[1]
>     print(certinfo_dict[entry[0]])
> for item in certinfo_dict['Subject'].split(", "):
>     Cert_Subject = item
>     print("ITEM: ", item)
>     if item.find("=") != -1 :
>         fieldname = item.split("=")[0].strip()
>         fieldvalue = item.split("=")[1]
>         if fieldname == "CN" :
>             CN_Name = fieldvalue
>             print("CN= ", CN_Name)

It is not clear (to me) what your complaint is. You did not state it other than to say you experienced unexpected behavior.

To state the obvious: the dumps you are showing are for the host at pypi.org. The code you are showing is hardcoded for the host softwareassuranceguardian.com.

You can use OpenSSL to dump the web server's certificate. Maybe that will give you a good baseline.

$ openssl s_client -connect softwareassuranceguardian.com:443 -servername softwareassuranceguardian.com | openssl x509 -text -noout
Connecting to 18.220.83.76
depth=0 CN=softwareassuranceguardian.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN=softwareassuranceguardian.com
verify error:num=21:unable to verify the first certificate
verify return:1
depth=0 CN=softwareassuranceguardian.com
verify return:1
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4721225938421497953 (0x418529fa13f94061)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
        Validity
            Not Before: Apr 25 07:09:28 2024 GMT
            Not After : Apr 23 11:58:54 2025 GMT
        Subject: CN=softwareassuranceguardian.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    [...]
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Extended Key Usage:
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://crl.godaddy.com/gdig2s1-20551.crl
            X509v3 Certificate Policies:
                Policy: 2.16.840.1.114413.1.7.23.1
                  CPS: http://certificates.godaddy.com/repository/
                Policy: 2.23.140.1.2.1
            Authority Information Access:
                OCSP - URI:http://ocsp.godaddy.com/
                CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt
            X509v3 Authority Key Identifier:
                40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE
            X509v3 Subject Alternative Name:
                DNS:softwareassuranceguardian.com, DNS:www.softwareassuranceguardian.com
            X509v3 Subject Key Identifier:
                5F:9D:0A:95:E9:34:3A:90:CA:D5:70:40:1C:4F:86:FE:6A:C4:A7:7A
            CT Precertificate SCTs:
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : [...]
                    Timestamp : Apr 25 07:09:29.840 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                [...]
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : [...]
                    Timestamp : Apr 25 07:09:29.996 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                [...]
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : [...]
                    Timestamp : Apr 25 07:09:30.095 2024 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                [...]
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        [...]

Jeff
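Added example, not part of the original messages and not code from pycurl or curl: the quoted script reads ServerCert[0] and splits the Subject on ", ", so its result depends on which chain entry comes first and on no value containing a comma (the GoDaddy issuer in the OpenSSL dump has "O=GoDaddy.com, Inc."). The sketch below picks the leaf by subject/issuer relationship and parses the DN with a comma-tolerant heuristic; SAMPLE_CHAIN is constructed from the dumps above, and parse_dn, common_name and leaf_certificate are hypothetical names. It does not diagnose why the two machines differed.

```python
import re

# Constructed sample in the shape of the INFO_CERTINFO dumps quoted above:
# one sequence of (field, value) tuples per certificate in the chain.
SAMPLE_CHAIN = [
    [("Subject", "C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2"),
     ("Issuer", "OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign")],
    [("Subject", "CN=pypi.org"),
     ("Issuer", "C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2024 Q2")],
]

# Heuristic: split only at a comma that is followed by "<attribute>=", so a
# comma inside a value ("O=GoDaddy.com, Inc.") does not start a new field.
# A value that itself contains ", X=" would still be split incorrectly.
_FIELD_SEP = re.compile(r",\s*(?=[A-Za-z][A-Za-z0-9.]*\s*=)")


def parse_dn(dn):
    """Return a list of (attribute, value) pairs from a one-line DN string."""
    pairs = []
    for part in _FIELD_SEP.split(dn):
        name, sep, value = part.partition("=")  # split on the first "=" only
        if sep:
            pairs.append((name.strip(), value.strip()))
    return pairs


def common_name(dn):
    """Return the first CN in the DN, or None when there is none."""
    return next((v for k, v in parse_dn(dn) if k == "CN"), None)


def leaf_certificate(chain):
    """Return the entry whose Subject is not the Issuer of another entry."""
    certs = [dict(entries) for entries in chain]
    # A self-signed certificate does not count as the issuer of itself.
    issuers = {c.get("Issuer") for c in certs if c.get("Issuer") != c.get("Subject")}
    leaves = [c for c in certs if c.get("Subject") not in issuers]
    if len(leaves) != 1:
        raise ValueError("expected exactly one leaf, found %d" % len(leaves))
    return leaves[0]


if __name__ == "__main__":
    leaf = leaf_certificate(SAMPLE_CHAIN)
    print(common_name(leaf["Subject"]), "issued by", common_name(leaf["Issuer"]))
```

With a live handle, the same functions would be applied to the value returned by curl.getinfo(pycurl.INFO_CERTINFO) instead of SAMPLE_CHAIN.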