Author christian.heimes
Recipients christian.heimes, jcea, maker, underrun
Date 2013-07-20.23:42:19
Message-id <1374363740.42.0.451855636599.issue18233@psf.upfronthosting.co.za>
Content
From Rietveld review:

---
http://bugs.python.org/review/18233/diff/8422/Modules/_ssl.c#newcode1203
Modules/_ssl.c:1203: chain = X509_STORE_CTX_get1_chain(store_ctx);
This isn't appropriate for this method. Specifically, you are asking for
the peer cert chain, which purposefully does not include root CA certs
that you trust. What you are giving here is a complete validated chain from
a peer cert to a trusted root. This is a valuable piece of information,
but should be returned via another method (perhaps exposed in python as
get1chain in SSLContext). But this method should always return the
result of SSL_get_peer_cert_chain if a peer cert chain is available.
---

You are making a good point. I'm either going to split it up into two functions or provide a way to look up a cert by issuer.
History
Date User Action Args
2013-07-20 23:42:20 christian.heimes set recipients: + christian.heimes, jcea, maker, underrun
2013-07-20 23:42:20 christian.heimes set messageid: <1374363740.42.0.451855636599.issue18233@psf.upfronthosting.co.za>
2013-07-20 23:42:20 christian.heimes link issue18233 messages
2013-07-20 23:42:19 christian.heimes create
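
The distinction raised in the review, between the chain the peer sent and the chain the verifier built up to a trusted root, shown as an added example that is not part of the issue, the patch, or CPython. It is a simplified model: `Cert`, `peer_chain`, `validated_chain` and all certificate names are hypothetical, and issuers are matched by name only, whereas a real verifier also checks signatures, validity periods and extensions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str


# Constructed sample data: a three-level hierarchy plus one unrelated certificate.
ROOT = Cert("CN=Example Root CA", "CN=Example Root CA")
INTERMEDIATE = Cert("CN=Example Issuing CA", "CN=Example Root CA")
LEAF = Cert("CN=www.example.test", "CN=Example Issuing CA")
STRAY = Cert("CN=Unrelated CA", "CN=Some Other Root")

SENT_BY_PEER = [LEAF, STRAY, INTERMEDIATE]  # handshake contents; root omitted
TRUST_STORE = [ROOT]                        # locally configured trust anchors


def peer_chain(sent):
    """Model of SSL_get_peer_cert_chain: what the peer sent, as sent, unvalidated."""
    return list(sent)


def validated_chain(sent, trust_store, max_depth=10):
    """Model of the verifier's chain: leaf up to a trusted root, found by issuer lookup."""
    anchors = {c.subject: c for c in trust_store}
    extras = {c.subject: c for c in sent[1:]}  # untrusted helpers from the peer
    chain = [sent[0]]
    while chain[-1] not in trust_store:
        current = chain[-1]
        # Prefer a trust anchor; fall back to certificates the peer supplied.
        issuer = anchors.get(current.issuer) or extras.get(current.issuer)
        if issuer is None or issuer in chain or len(chain) >= max_depth:
            raise ValueError(f"no trusted path from {current.subject}")
        chain.append(issuer)
    return chain


if __name__ == "__main__":
    print("peer chain:     ", [c.subject for c in peer_chain(SENT_BY_PEER)])
    print("validated chain:", [c.subject for c in validated_chain(SENT_BY_PEER, TRUST_STORE)])
```

The two results differ in both directions: the peer chain carries an unrelated certificate that validation ignores, and the validated chain ends in a root that the peer never sent.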