Message206347
The new method SSLContext.get_ca_certs() returns all certificates in the context's trusted X509_STORE. I recently found out that it is possible to put a self-signed certificate into the store and use it successfully with verify_mode CERT_REQUIRED. get_ca_certs() doesn't return the cert although it is used to successfully validate a remote cert.
I propose to modify and rename the function and to add a "check_ca" to the dict that is returned by getpeercert(). |
|
Date |
User |
Action |
Args |
2013-12-16 18:53:51 | christian.heimes | set | recipients:
+ christian.heimes |
2013-12-16 18:53:50 | christian.heimes | set | messageid: <1387220030.99.0.0276464783547.issue20000@psf.upfronthosting.co.za> |
2013-12-16 18:53:50 | christian.heimes | link | issue20000 messages |
2013-12-16 18:53:50 | christian.heimes | create | |
|