]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3e24dd5) | patch
[3.7] bpo-37428: Don't set PHA verify flag on client side (GH-14421) (GH-14493)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Mon, 1 Jul 2019 06:51:40 +0000 (23:51 -0700)
committerNed Deily <nad@python.org>
Tue, 2 Jul 2019 02:27:58 +0000 (22:27 -0400)
commit5b45fb0a449543fab6e7b606e51b739cb316d3c4
treefaddc0122ba3e2179cd945341d49e6d341be67f8tree | snapshot
parent3e24dd52bba863fce4f3c6a34ca9f813666ed181commit | diff
[3.7] bpo-37428: Don't set PHA verify flag on client side (GH-14421) (GH-14493)

SSLContext.post_handshake_auth = True no longer sets
SSL_VERIFY_POST_HANDSHAKE verify flag for client connections. Although the
option is documented as ignored for clients, OpenSSL implicitly enables cert
chain validation when the flag is set.

Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue37428
(cherry picked from commit f0f5930ac88482ef896283db5be9b8d508d077db)

Co-authored-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue37428
Lib/test/test_ssl.py diff | blob | blame | history
Misc/NEWS.d/next/Library/2019-06-27-13-27-02.bpo-37428._wcwUd.rst [new file with mode: 0644] blob
Modules/_ssl.c diff | blob | blame | history
Mirror of https://github.com/python/cpython.git