Expose X509_V_FLAG_PARTIAL_CHAIN ssl flag #85026

Closed
l0x-c0d3z mannequin opened this issue Jun 2, 2020 · 3 comments

l0x-c0d3z mannequin commented Jun 2, 2020

BPO 40849
Nosy @tiran, @miss-islington, @l0x-c0d3z
PRs
  • bpo-40849: Expose X509_V_FLAG_PARTIAL_CHAIN ssl flag #20463

Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    GitHub fields:

    assignee = 'https://github.com/tiran'
    closed_at = <Date 2021-04-19.12:00:33.162>
    created_at = <Date 2020-06-02.19:20:28.918>
    labels = ['expert-SSL', 'type-feature', '3.10']
    title = 'Expose X509_V_FLAG_PARTIAL_CHAIN ssl flag'
    updated_at = <Date 2021-04-19.12:00:33.162>
    user = 'https://github.com/l0x-c0d3z'

    bugs.python.org fields:

    activity = <Date 2021-04-19.12:00:33.162>
    actor = 'christian.heimes'
    assignee = 'christian.heimes'
    closed = True
    closed_date = <Date 2021-04-19.12:00:33.162>
    closer = 'christian.heimes'
    components = ['SSL']
    creation = <Date 2020-06-02.19:20:28.918>
    creator = 'l0x'
    dependencies = []
    files = []
    hgrepos = []
    issue_num = 40849
    keywords = []
    message_count = 3.0
    messages = ['370621', '370627', '391374']
    nosy_count = 3.0
    nosy_names = ['christian.heimes', 'miss-islington', 'l0x']
    pr_nums = ['20463']
    priority = 'normal'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'enhancement'
    url = 'https://bugs.python.org/issue40849'
    versions = ['Python 3.10']

    l0x-c0d3z mannequin commented Jun 2, 2020

    This simple patch exposes OpenSSL's X509_V_FLAG_PARTIAL_CHAIN if it is defined. This lets us trust a certificate if it is signed by a certificate in the trust store, even if that CA is not a root CA. It makes it possible to trust an intermediate CA without trusting the root and all the other intermediate CAs it has signed.

    @l0x-c0d3z l0x-c0d3z mannequin assigned tiran Jun 2, 2020
    @l0x-c0d3z l0x-c0d3z mannequin added topic-SSL type-feature A feature request or enhancement labels Jun 2, 2020

    tiran commented Jun 2, 2020

    Thanks for the patch!

    I'm still pondering if I prefer VERIFY_PARTIAL_CHAIN over VERIFY_X509_PARTIAL_CHAIN. The string X509 is not meaningful here but fits with the other, much older flags.

    @tiran tiran added 3.10 only security fixes labels Jun 2, 2020
    @miss-islington
    Contributor

    New changeset 64d9752 by l0x in branch 'master':
    bpo-40849: Expose X509_V_FLAG_PARTIAL_CHAIN ssl flag (GH-20463)
    64d9752

    @tiran tiran closed this as completed Apr 19, 2021
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
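
The trust model described in the opening comment, as an added example that is not part of the original thread or of the CPython patch: a client context that trusts only the certificates you load, using `ssl.VERIFY_X509_PARTIAL_CHAIN`, the name under which Python 3.10 and later expose the flag. `make_pinned_context`, `audit_context` and the `anchors_pem` parameter are hypothetical names chosen for this example.

```python
import ssl


def partial_chain_supported() -> bool:
    """True when this build exposes the flag (Python 3.10+ with OpenSSL support)."""
    return hasattr(ssl, "VERIFY_X509_PARTIAL_CHAIN")


def make_pinned_context(anchors_pem=None) -> ssl.SSLContext:
    """Client context whose only trust anchors are the PEM certificates given.

    anchors_pem is a hypothetical parameter: PEM text of the intermediate CA(s)
    to trust. With None the store stays empty and every handshake fails closed.
    """
    if not partial_chain_supported():
        raise RuntimeError("ssl.VERIFY_X509_PARTIAL_CHAIN is not available")
    # A bare SSLContext loads no system roots, unlike create_default_context().
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # OR the flag in so the defaults already in verify_flags are kept.
    ctx.verify_flags |= ssl.VERIFY_X509_PARTIAL_CHAIN
    if anchors_pem is not None:
        ctx.load_verify_locations(cadata=anchors_pem)
    return ctx


def audit_context(ctx: ssl.SSLContext, expected_anchors: int) -> list:
    """Return a list of problems; an empty list means the context is as intended.

    With partial-chain verification every certificate in the store is a trust
    anchor, so the store size is checked against the number of CAs pinned.
    """
    problems = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        problems.append("peer certificate is not required")
    if not ctx.check_hostname:
        problems.append("hostname checking is off")
    if not ctx.verify_flags & ssl.VERIFY_X509_PARTIAL_CHAIN:
        problems.append("VERIFY_X509_PARTIAL_CHAIN not set")
    loaded = ctx.cert_store_stats()["x509"]
    if loaded != expected_anchors:
        problems.append(f"{loaded} certificates in store, expected {expected_anchors}")
    return problems


if __name__ == "__main__":
    # Constructed check: no anchors loaded yet, so the store must be empty.
    print(audit_context(make_pinned_context(), expected_anchors=0))
```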