Message388887
Oh heck, this is a genuine bug. I'm not yet sure if it's an undocumented API quirk in OpenSSL, a design bug in OpenSSL, or a bug in my code.
Python sets the host flags on the X509_VERIFY_PARAM of the *SSL_CTX. All flags get copied to the *SSL struct and later to the *X509_STORE_CTX struct. At least I thought that all flags get copied. Apparently hostflags aren't copied from *SSL_CTX to *SSL because the *SSL_CTX doesn't have any verify hosts configured. They are only ever configured on the *SSL struct.
https://github.com/openssl/openssl/blob/081a7061f3da07318c4b0f5de67b82285630bf6b/crypto/x509/x509_vpm.c#L202-L213

| Date | User | Action | Args |
|---|---|---|---|
| 2021-03-16 21:29:37 | christian.heimes | set | recipients: + christian.heimes, Quentin.Pradet |
| 2021-03-16 21:29:37 | christian.heimes | set | messageid: <1615930177.91.0.850868645582.issue43522@roundup.psfhosted.org> |
| 2021-03-16 21:29:37 | christian.heimes | link | issue43522 messages |
| 2021-03-16 21:29:37 | christian.heimes | create | |