Message 242341 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Lukasa
Recipients	Lukasa
Date	2015-05-01.17:45:25
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1430502325.36.0.624144757291.issue24107@psf.upfronthosting.co.za>
In-reply-to

Content
In order to perform HTTP Public Key Pinning (HPKP), it's necessary to have access to every certificate in the certificate trust chain. This is because the pinned key may actually be an intermediate or root certificate, rather than the leaf certificate. PyOpenSSL offers this functionality, and it ought to be a relatively simple enhancement to expose the equivalent function in the stdlib. For more background, see the urllib3 issue tracking the HPKP feature: https://github.com/shazow/urllib3/pull/607

In order to perform HTTP Public Key Pinning (HPKP), it's necessary to have access to every certificate in the certificate trust chain. This is because the pinned key may actually be an intermediate or root certificate, rather than the leaf certificate.

PyOpenSSL offers this functionality, and it ought to be a relatively simple enhancement to expose the equivalent function in the stdlib.

For more background, see the urllib3 issue tracking the HPKP feature: https://github.com/shazow/urllib3/pull/607

History
Date	User	Action	Args
2015-05-01 17:45:25	Lukasa	set	recipients: + Lukasa
2015-05-01 17:45:25	Lukasa	set	messageid: <1430502325.36.0.624144757291.issue24107@psf.upfronthosting.co.za>
2015-05-01 17:45:25	Lukasa	link	issue24107 messages
2015-05-01 17:45:25	Lukasa	create