[Python-Dev] [RELEASED] Python 3.4.0b2
"Martin v. Löwis"
martin at v.loewis.de
Thu Jan 9 11:37:59 CET 2014
More information about the Python-Dev mailing list
Thu Jan 9 11:37:59 CET 2014
- Previous message: [Python-Dev] [RELEASED] Python 3.4.0b2
- Next message: [Python-Dev] [RELEASED] Python 3.4.0b2
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Am 06.01.14 17:26, schrieb Michael Urman: > Here's some more guesswork. Does it seem possible that msiexec is > trying to verify the revocation status of the certificate used to sign > the python .msi file? Per > http://blogs.technet.com/b/pki/archive/2006/11/30/basic-crl-checking-with-certutil.aspx > it looks like crl.microsoft.com is the host; this is hosted on akamai: > crl.microsoft.com is an alias for crl.www.ms.akadns.net. > crl.www.ms.akadns.net is an alias for a1363.g.akamai.net. I think that could be close. The MSI file has two signatures in it: the PSF code signing signature, and a Verisign timestamping signature. For the PSF certificate, the CRL is at csc3-2010-crl.verisign.com, which is (here) a CNAME for crl.ws.symantec.com.edgekey.net, which in turn is a CNAME for e6845.ce.akamaiedge.net. The timestamping signature has its CRL at ts-crl.ws.symantec.com, which is a CNAME for crl.ws.symantec.com.edgekey.net again. So the most plausible reason is indeed that it tries to download CRLs, though not Microsoft ones, but Verisign/Symantic ones. Regards, Martin
- Previous message: [Python-Dev] [RELEASED] Python 3.4.0b2
- Next message: [Python-Dev] [RELEASED] Python 3.4.0b2
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Python-Dev mailing list