Message236520
The problem specifically is that OpenSSL only uses a *root* in the trust store as an anchor. That means any certificate that is signed by another certificate will not terminate the chain of trust. Browsers do better here, by trusting the entirety of the trust store, regardless of whether or not it's a root certificate.
Donald is correct: this is not really Python's fault, it's OpenSSL's. |
|
Date |
User |
Action |
Args |
2015-02-24 17:15:40 | Lukasa | set | recipients:
+ Lukasa, janssen, nagle, pitrou, giampaolo.rodola, christian.heimes, alex, icordasc, dstufft, demian.brecht, lac |
2015-02-24 17:15:40 | Lukasa | set | messageid: <1424798140.75.0.615077451413.issue23476@psf.upfronthosting.co.za> |
2015-02-24 17:15:40 | Lukasa | link | issue23476 messages |
2015-02-24 17:15:40 | Lukasa | create | |
|