Message 191352 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	christian.heimes
Date	2013-06-17.18:07:25
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1371492445.72.0.758102030613.issue18233@psf.upfronthosting.co.za>
In-reply-to

Content
As expected it is much harder to get the full certification chain from OpenSSL than I initially expected. SSL_get_peer_cert_chain() doesn't return the root CA's certificate. The new patch introduces a validation mode and uses X509_verify_cert(*X509_STORE_CTX) + X509_STORE_CTX_get1_chain() to build a full chain.

As expected it is much harder to get the full certification chain from OpenSSL than I initially expected. SSL_get_peer_cert_chain() doesn't return the root CA's certificate. The new patch introduces a validation mode and uses X509_verify_cert(*X509_STORE_CTX) + X509_STORE_CTX_get1_chain() to build a full chain.

History
Date	User	Action	Args
2013-06-17 18:07:25	christian.heimes	set	recipients: + christian.heimes
2013-06-17 18:07:25	christian.heimes	set	messageid: <1371492445.72.0.758102030613.issue18233@psf.upfronthosting.co.za>
2013-06-17 18:07:25	christian.heimes	link	issue18233 messages
2013-06-17 18:07:25	christian.heimes	create