Author Lukasa
Recipients Lukasa, alex, christian.heimes, demian.brecht, dstufft, giampaolo.rodola, icordasc, janssen, lac, nagle, pitrou
Date 2015-02-24.17:15:40
Message-id <1424798140.75.0.615077451413.issue23476@psf.upfronthosting.co.za>
Content
The problem specifically is that OpenSSL only uses a *root* in the trust store as an anchor. That means any certificate that is signed by another certificate will not terminate the chain of trust. Browsers do better here, by trusting the entirety of the trust store, regardless of whether or not it's a root certificate.

Donald is correct: this is not really Python's fault, it's OpenSSL's.
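
The behaviour described in the message above can be reproduced with the `openssl` command-line tool. This is an added example, not part of the original message or of the Python project's code; the certificate names, file names and function names are constructed for the demo. It also shows OpenSSL's `-partial_chain` verify option, which lets a non-self-signed certificate in the trust store act as the anchor.

```shell
#!/bin/sh
# Added demo: constructed three-certificate chain; every name below is made up.

# make_chain DIR: write root.pem -> int.pem -> leaf.pem (plus keys) into DIR.
make_chain() (
    cd "$1" || exit 1
    # Minimal config so the result does not depend on the system openssl.cnf.
    printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > demo.cnf
    {
        # Self-signed root CA.
        openssl req -x509 -config demo.cnf -extensions ca -newkey rsa:2048 -nodes \
            -keyout root.key -out root.pem -subj "/CN=Demo Root" -days 2 &&
        # Intermediate CA, signed by the root (so it is NOT self-signed).
        openssl req -new -config demo.cnf -newkey rsa:2048 -nodes \
            -keyout int.key -out int.csr -subj "/CN=Demo Intermediate" &&
        openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
            -extfile demo.cnf -extensions ca -out int.pem -days 2 &&
        # Leaf, signed by the intermediate.
        openssl req -new -config demo.cnf -newkey rsa:2048 -nodes \
            -keyout leaf.key -out leaf.csr -subj "/CN=leaf.example" &&
        openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
            -out leaf.pem -days 2
    } >/dev/null 2>&1
)

# trusts_leaf DIR STORE [verify options]: succeed if DIR/leaf.pem verifies
# with DIR/STORE as the only trust store.
trusts_leaf() {
    dir=$1; store=$2; shift 2
    openssl verify "$@" -CAfile "$dir/$store" "$dir/leaf.pem" 2>/dev/null | grep -q ': OK$'
}

demo() {
    d=$(mktemp -d) && make_chain "$d" || return 1
    # Root is trusted, intermediate is supplied as an untrusted helper: chain ends at a root.
    trusts_leaf "$d" root.pem -untrusted "$d/int.pem" && echo "root in store: OK"
    # Only the intermediate is trusted: default verification finds no self-signed anchor.
    trusts_leaf "$d" int.pem || echo "intermediate in store: rejected"
    # Same store, but the intermediate is allowed to terminate the chain.
    trusts_leaf "$d" int.pem -partial_chain && echo "intermediate in store, -partial_chain: OK"
    rm -rf "$d"
}
demo
```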