Message 206347 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	christian.heimes
Date	2013-12-16.18:53:50
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1387220030.99.0.0276464783547.issue20000@psf.upfronthosting.co.za>
In-reply-to

Content
The new method SSLContext.get_ca_certs() returns all certificates in the context's trusted X509_STORE. I recently found out that it is possible to put a self-signed certificate into the store and use it successfully with verify_mode CERT_REQUIRED. get_ca_certs() doesn't return the cert although it is used to successfully validate a remote cert. I propose to modify and rename the function and to add a "check_ca" to the dict that is returned by getpeercert().

The new method SSLContext.get_ca_certs() returns all certificates in the context's trusted X509_STORE. I recently found out that it is possible to put a self-signed certificate into the store and use it successfully with verify_mode CERT_REQUIRED. get_ca_certs() doesn't return the cert although it is used to successfully validate a remote cert.

I propose to modify and rename the function and to add a "check_ca" to the dict that is returned by getpeercert().

History
Date	User	Action	Args
2013-12-16 18:53:51	christian.heimes	set	recipients: + christian.heimes
2013-12-16 18:53:50	christian.heimes	set	messageid: <1387220030.99.0.0276464783547.issue20000@psf.upfronthosting.co.za>
2013-12-16 18:53:50	christian.heimes	link	issue20000 messages
2013-12-16 18:53:50	christian.heimes	create