python / cpython

The Python programming language
https://www.python.org

Inconsistent return types between SSLSocket and SSLObject certificate chain APIs #118658

Open sethmlarson opened 4 months ago

sethmlarson commented 4 months ago

Bug report

Bug description:

The get_verified_chain() and get_unverified_chain() APIs for SSLSocket were updated in https://github.com/python/cpython/pull/109113, but the API wasn't updated for SSLObject. This leads to inconsistent return types: one returns _ssl.Certificate and the other returns bytes. It appears from https://github.com/python/cpython/pull/109113 that bytes is what's expected.

This caused an issue for Windows and macOS using Truststore, which relies on these APIs for verifying certificates. A bugfix is coming for Truststore, but these APIs should return the same type.

cc @matiuszka

CPython versions tested on:

3.13, CPython main branch

Operating systems tested on:

Linux, Windows

matiuszka commented 4 months ago

Good catch. I overlooked this. I will fix it ASAP.

matiuszka commented 4 months ago

I fixed the types, sorry for the problems.