This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author christian.heimes
Recipients christian.heimes, dandrzejewski, dstufft, giampaolo.rodola, pitrou, vstinner
Date 2013-11-21.12:58:05
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
My patch is inspired by mod_ssl:

CRLs can already be loaded with SSLContext.load_verify_locations(). The patch exposes the verification flags of SSLContext's X509_STORE. With X509_V_FLAG_CRL_CHECK OpenSSL requires (!) a CRL that matches the issuer of leaf certificate of the chain (the peer's cert). X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL also requires CRLs for all intermediate certs of the peer's cert chain.
Date User Action Args
2013-11-21 12:58:05christian.heimessetrecipients: + christian.heimes, pitrou, vstinner, giampaolo.rodola, dandrzejewski, dstufft
2013-11-21 12:58:05christian.heimessetmessageid: <>
2013-11-21 12:58:05christian.heimeslinkissue8813 messages
2013-11-21 12:58:05christian.heimescreate