Skip to content

Inconsistent return types between SSLSocket and SSLObject certificate chain APIs #118658

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sethmlarson opened this issue May 6, 2024 · 2 comments
Closed

Inconsistent return types between SSLSocket and SSLObject certificate chain APIs #118658

sethmlarson opened this issue May 6, 2024 · 2 comments
Labels
type-bug An unexpected behavior, bug, or error

Comments

@sethmlarson
Copy link
Contributor

sethmlarson commented May 6, 2024
edited by bedevere-app bot
Loading

Bug report

Bug description:

The get_verified_chain() and get_unverified_chain() APIs for SSLSocket were updated in #109113, but the API wasn't updated for SSLObject. This leads to inconsistent return types, one returns _ssl.Certificate and the other returns bytes. It appears from #109113 that bytes is what's expected.

This caused an issue for Windows and macOS using Truststore which relies on these APIs for verifying certificates. A bugfix is coming for Truststore, but these APIs should return the same type.

cc @matiuszka

CPython versions tested on:

3.13, CPython main branch

Operating systems tested on:

Linux, Windows

Linked PRs
@sethmlarson sethmlarson added the type-bug An unexpected behavior, bug, or error label May 6, 2024
@sethmlarson sethmlarson mentioned this issue May 6, 2024
Merged
@matiuszka
Copy link
Contributor

Good catch. I overlooked this. I will fix it ASAP.

@bedevere-app bedevere-app bot mentioned this issue May 6, 2024
Merged
@matiuszka
Copy link
Contributor

I fixed the types, sorry for the problems.

@felixfontein felixfontein mentioned this issue Jul 9, 2024
Merged
Yhg1s pushed a commit that referenced this issue Aug 16, 2024
@matiuszka @gpshead
gh-118658: Return consistent types from get_un/verified_chain in `S…
8ef358d 
…SLObject` and `SSLSocket` (#118669)

Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
miss-islington pushed a commit to miss-islington/cpython that referenced this issue Aug 16, 2024
@matiuszka @gpshead @miss-islington
pythongh-118658: Return consistent types from get_un/verified_chain
28d5aa4 
… in `SSLObject` and `SSLSocket` (pythonGH-118669)

(cherry picked from commit 8ef358d)

Co-authored-by: Mateusz Nowak <nowak.mateusz@hotmail.com>
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
@bedevere-app bedevere-app bot mentioned this issue Aug 16, 2024
Merged
sethmlarson pushed a commit that referenced this issue Aug 19, 2024
@miss-islington @matiuszka @gpshead
[3.13] gh-118658: Return consistent types from `get_un/verified_chain…
21399a0 
…` in `SSLObject` and `SSLSocket` (GH-118669) (#123082)

gh-118658: Return consistent types from `get_un/verified_chain` in `SSLObject` and `SSLSocket` (GH-118669)
(cherry picked from commit 8ef358d)

Co-authored-by: Mateusz Nowak <nowak.mateusz@hotmail.com>
Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
jeremyhylton pushed a commit to jeremyhylton/cpython that referenced this issue Aug 19, 2024
@matiuszka @gpshead @jeremyhylton
pythongh-118658: Return consistent types from get_un/verified_chain
9fa2aae 
… in `SSLObject` and `SSLSocket` (python#118669)

Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
blhsing pushed a commit to blhsing/cpython that referenced this issue Aug 22, 2024
@matiuszka @gpshead @blhsing
pythongh-118658: Return consistent types from get_un/verified_chain
14d5d53 
… in `SSLObject` and `SSLSocket` (python#118669)

Co-authored-by: Gregory P. Smith [Google LLC] <greg@krypto.org>
kanavin added a commit to kanavin/cpython that referenced this issue Sep 26, 2024
@kanavin
Revert "pythongh-118658: Return consistent types from `get_un/verifie…
2a2d1dc 
…d_chain` in `SSLObject` and `SSLSocket` (python#118669)"

This reverts commit 8ef358d.
This was referenced Sep 26, 2024
Merged
Closed
encukou pushed a commit that referenced this issue Oct 4, 2024
@felixfontein
gh-118658: Modify cert generation script to extract cert3.pem (GH-124598
480354d 
)
@bedevere-app bedevere-app bot mentioned this issue Oct 4, 2024
Merged
felixfontein added a commit to felixfontein/cpython that referenced this issue Oct 4, 2024
@felixfontein
[3.13] pythongh-118658: Modify cert generation script to extract cert…
106f476 
…3.pem (pythonGH-124598)

(cherry picked from commit 480354d)

Co-authored-by: Felix Fontein <felix@fontein.de>
encukou pushed a commit that referenced this issue Oct 8, 2024
@felixfontein
[3.13] gh-118658: Modify cert generation script to extract cert3.pem (G…
4eab6e8 
…H-124598) (GH-124972)

(cherry picked from commit 480354d)
@encukou encukou closed this as completed Nov 11, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type-bug An unexpected behavior, bug, or error
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@encukou @sethmlarson @matiuszka