tlsa binary fails with certificate error

Hoggins! fuckspam at wheres5.com
Tue May 22 20:23:00 CEST 2018



On 22/05/2018 at 16:49, Viktor Dukhovni wrote:
>
>> On May 22, 2018, at 10:39 AM, Hoggins! <fuckspam at wheres5.com> wrote:
>>
>> Hello Viktor,
>>
>> I have published the correct TLSA records (generated with my "old"
>> system) this morning, they are fixed for now.
> Yes, I see that too.  I've removed your domains from:
>
>   https://github.com/danefail/list

Thank you

>
>> On 22/05/2018 at 16:11, Viktor Dukhovni wrote:
>>>> On May 22, 2018, at 5:05 AM, Hoggins! <fuckspam at wheres5.com> wrote:
>>>>
>>> I think I see the bug:
>>>
>>>> -- non-working system: Fedora 28, python2-libs-2.7.15-1.fc28.x86_64
>>>>
>>>>       <snip>
>>>>       while True:
>>>>               cptr = m2.x509_read_pem(bio._ptr())
>>>>               if not cptr:
>>>>                       break
>>>>               chain.append(X509.X509(cptr, _pyfree=1))
>>> You're telling Python it owns the certificate object reference
>>> and should free it when no longer needed.  Then add the certificate
>>> to the chain, but this call may not bump the certificate reference
>>> count.
>>>
>>>>               print chain
>>> Here you print the chain.  And the certificate itself goes out of
>>> scope and is freed, the chain no longer holds a valid reference.
>> Actually when inside the loop, chain is not empty, it's only outside of
>> it that it seems to be freed.
> Yes, perhaps because the certificate object is still in scope.  What
> happens if you load all the certificates into a list in the loop,
> and build the chain from the list outside the loop?  Then the array
> still references the certificates.
>
> If we get too deep into Python, we'll be too far off topic, but for
> now, we're still vaguely talking about certificate management...
>

Anyway, I raised an issue on their GitHub; the maintainers should be
able to have a look: https://github.com/letoams/hash-slinger/issues/20

    Hoggins!
