➜
This issue tracker has been migrated to GitHub,
and is currently read-only.
For more information,
see the GitHub FAQs in the Python's Developer Guide.
Created on 2020-06-02 19:20 by l0x, last changed 2022-04-11 14:59 by admin. This issue is now closed.
| Pull Requests | |||
|---|---|---|---|
| URL | Status | Linked | Edit |
| PR 20463 | merged | l0x, 2020-06-02 19:20 | |
| Messages (3) | |||
|---|---|---|---|
| msg370621 - (view) | Author: (l0x) * | Date: 2020-06-02 19:20 | |
This simple patch exposes OpenSSL's X509_V_FLAG_PARTIAL_CHAIN if it is defined. This lets us trust a certificate if it is signed by a certificate in the trust store, even if that CA is not a root CA. It makes it possible to trust an intermediate CA without trusting the root and all the other intermediate CAs it has signed. |
|||
| msg370627 - (view) | Author: Christian Heimes (christian.heimes) *  |
Date: 2020-06-02 20:34 | |
Thanks for the patch! I'm still pondering if I prefer VERIFY_PARTIAL_CHAIN over VERIFY_X509_PARTIAL_CHAIN. The string X509 is not meaningful here but fits with the other, much older flags. |
|||
| msg391374 - (view) | Author: miss-islington (miss-islington) | Date: 2021-04-19 11:51 | |
New changeset 64d975202f7a91cb8c61a050fafb4e934fcbaa4e by l0x in branch 'master': bpo-40849: Expose X509_V_FLAG_PARTIAL_CHAIN ssl flag (GH-20463) https://github.com/python/cpython/commit/64d975202f7a91cb8c61a050fafb4e934fcbaa4e |
|||
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:59:31 | admin | set | github: 85026 |
| 2021-04-19 12:00:33 | christian.heimes | set | status: open -> closed resolution: fixed stage: resolved |
| 2021-04-19 11:51:22 | miss-islington | set | nosy:
+ miss-islington messages: + msg391374 |
| 2020-06-02 20:34:36 | christian.heimes | set | messages:
+ msg370627 versions: + Python 3.10 |
| 2020-06-02 19:20:28 | l0x | create | |