On May 22, 2018, at 10:39 AM, Hoggins! fuckspam@wheres5.com wrote:
Hello Viktor,
I have published the correct TLSA records (generated with my "old" system) this morning, they are fixed for now.
Yes, I see that too. I've removed your domains from:
https://github.com/danefail/list
On 22/05/2018 at 16:11, Viktor Dukhovni wrote:
On May 22, 2018, at 5:05 AM, Hoggins! fuckspam@wheres5.com wrote:
I think I see the bug:
-- non working system : Fedora 28, python2-libs-2.7.15-1.fc28.x86_64
<snip>
    while True:
        cptr = m2.x509_read_pem(bio._ptr())
        if not cptr:
            break
        chain.append(X509.X509(cptr, _pyfree=1))
You're telling Python it owns the certificate object reference and should free it when no longer needed. Then add the certificate to the chain, but this call may not bump the certificate reference count.
print chain
Here you print the chain. And the certificate itself goes out of scope and is freed, the chain no longer holds a valid reference.
Actually when inside the loop, chain is not empty, it's only outside of it that it seems to be freed.
Yes, perhaps because the certificate object is still in scope. What happens if you load all the certificates into a list in the loop, and build the chain from the list outside the loop? Then the array still references the certificates.
If we get too deep into Python, we'll be too far off topic, but for now, we're still vaguely talking about certificate management...