Message 261109 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou
Date	2016-03-02.12:24:40
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1456921480.82.0.773236455463.issue26471@psf.upfronthosting.co.za>
In-reply-to

Content
https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_verify_locations can load certs from a file, a directory or from memory. OpenSSL's loaders for cafile and capath load auxiliary data of trusted certs. The custom loader for cadata ignores AUX data because it uses PEM_read_bio_X509() instead of PEM_read_bio_X509_AUX(). With the recent fix of OpenSSL 1.0.2 https://github.com/openssl/openssl/commit/a3baa171053547488475709c7197592c66e427cf trusted certificates now work again. I propose to change cadata to load trust settings, too.

https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_verify_locations can load certs from a file, a directory or from memory. OpenSSL's loaders for cafile and capath load auxiliary data of trusted certs. The custom loader for cadata ignores AUX data because it uses PEM_read_bio_X509() instead of PEM_read_bio_X509_AUX().

With the recent fix of OpenSSL 1.0.2 https://github.com/openssl/openssl/commit/a3baa171053547488475709c7197592c66e427cf trusted certificates now work again. I propose to change cadata to load trust settings, too.

History
Date	User	Action	Args
2016-03-02 12:24:40	christian.heimes	set	recipients: + christian.heimes, janssen, pitrou, giampaolo.rodola, alex, dstufft
2016-03-02 12:24:40	christian.heimes	set	messageid: <1456921480.82.0.773236455463.issue26471@psf.upfronthosting.co.za>
2016-03-02 12:24:40	christian.heimes	link	issue26471 messages
2016-03-02 12:24:40	christian.heimes	create