sethmlarson commented 6 months ago

Bug report

Bug description:

The get_verified_chain() and get_unverified_chain() APIs for SSLSocket were updated in https://github.com/python/cpython/pull/109113, but the API wasn't updated for SSLObject. This leads to inconsistent return types, one returns _ssl.Certificate and the other returns bytes. It appears from https://github.com/python/cpython/pull/109113 that bytes is what's expected.

This caused an issue for Windows and macOS using Truststore which relies on these APIs for verifying certificates. A bugfix is coming for Truststore, but these APIs should return the same type.

cc @matiuszka

CPython versions tested on:

3.13, CPython main branch

Operating systems tested on:

Linux, Windows

Linked PRs

gh-118669
gh-123082
gh-124598
gh-124599
gh-124972

matiuszka commented 6 months ago

Good catch. I overlooked this. I will fix it ASAP.

matiuszka commented 6 months ago

I fixed the types, sorry for the problems.

python / cpython

Inconsistent return types between SSLSocket and SSLObject certificate chain APIs #118658

Bug report

Bug description:

CPython versions tested on:

Operating systems tested on:

Linked PRs