tlsa binary fails with certificate error

Hoggins! fuckspam at
Tue May 22 20:23:00 CEST 2018

Le 22/05/2018 à 16:49, Viktor Dukhovni a écrit :
>> On May 22, 2018, at 10:39 AM, Hoggins! <fuckspam at> wrote:
>> Hello Viktor,
>> I have published the correct TLSA records (generated with my "old"
>> system) this morning, they are fixed for now.
> Yes, I see that too.  I've removed your domains from:

Thank you

>> Le 22/05/2018 à 16:11, Viktor Dukhovni a écrit :
>>>> On May 22, 2018, at 5:05 AM, Hoggins! <fuckspam at> wrote:
>>> I think I see the bug:
>>>> -- non working system : Fedora 28, python2-libs-2.7.15-1.fc28.x86_64
>>>>       <snip>
>>>>       while True:
>>>>               cptr = m2.x509_read_pem(bio._ptr())
>>>>               if not cptr:
>>>>                       break
>>>>               chain.append(X509.X509(cptr, _pyfree=1))
>>> You're telling Python it owns the certificate object reference
>>> and should free it when no longer needed.  Then add the certificate
>>> to the chain, but this call may not bump the certificate reference
>>> count.
>>>>               print chain
>>> Here you print the chain.  And the certificate itself goes out of
>>> scope and is freed, the chain no longer holds a valid reference.
>> Actually when inside the loop, chain is not empty, it's only outside of
>> it that it seems to be freed.
> Yes, perhaps because the certificate object is still in scope.  What
> happens if you load all the certificates into a list in the loop,
> and build the chain from the list outside the loop, then the array
> still references the certificates.
> If we get too deep into Python, we'll be too far off topic, but for
> now, we're still vaguely talking about certificate management...

Anyway, I raised an issue on their GitHub, the maintainers should be
able to have a look :


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the dane-users mailing list