Message 301972 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	christian.heimes
Recipients	Alex Gaynor, christian.heimes, gbremer, vstinner
Date	2017-09-12.16:17:07
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1505233027.44.0.741736049183.issue25115@psf.upfronthosting.co.za>
In-reply-to

Content
Grant, I'm not sure I follow you. Do I understand correctly that you want to call SSL_CTX_set_verify_depth(ctx, 1), in order to enforce that a peer cert is directly signed by your CA? That doesn't sound like a good use of SSL_CTX_set_verify_depth(), because it only works for a simple case without an intermediate CA. Most real-world cases have one or more intermediate CAs.

Grant,

I'm not sure I follow you. Do I understand correctly that you want to call SSL_CTX_set_verify_depth(ctx, 1), in order to enforce that a peer cert is directly signed by your CA?

That doesn't sound like a good use of SSL_CTX_set_verify_depth(), because it only works for a simple case without an intermediate CA. Most real-world cases have one or more intermediate CAs.

History
Date	User	Action	Args
2017-09-12 16:17:07	christian.heimes	set	recipients: + christian.heimes, vstinner, gbremer, Alex Gaynor
2017-09-12 16:17:07	christian.heimes	set	messageid: <1505233027.44.0.741736049183.issue25115@psf.upfronthosting.co.za>
2017-09-12 16:17:07	christian.heimes	link	issue25115 messages
2017-09-12 16:17:07	christian.heimes	create