]> granicus.if.org Git - python/commit
projects / python / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 6530577) | patch
bpo-31432: Clarify ssl CERT_NONE/OPTIONAL/REQUIRED docs. (GH-3530) (GH-7649)
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Mon, 11 Jun 2018 23:20:24 +0000 (16:20 -0700)
committerNed Deily <nad@python.org>
Mon, 11 Jun 2018 23:20:24 +0000 (19:20 -0400)
commita5db479ac4cdcc0d94ec1d7a594720a651d90433
tree4af8b660b61ba0de58f5fbdda00f16b96aa498d2tree | snapshot
parent6530577e29a9679c7e4c7ba7adf1c02393d2ad13commit | diff
bpo-31432: Clarify ssl CERT_NONE/OPTIONAL/REQUIRED docs. (GH-3530) (GH-7649)

The documentation for CERT_NONE, CERT_OPTIONAL, and CERT_REQUIRED were
misleading and partly wrong. It fails to explain that OpenSSL behaves
differently in client and server mode. Also OpenSSL does validate the
cert chain everytime. With SSL_VERIFY_NONE a validation error is not
fatal in client mode and does not request a client cert in server mode.
Also discourage people from using CERT_OPTIONAL in client mode.
(cherry picked from commit ef24b6c54d40e7820456873a6eab6ef57d2bd0db)

Co-authored-by: Christian Heimes <christian@python.org>
Doc/library/ssl.rst diff | blob | history
Lib/test/test_ssl.py diff | blob | history
Misc/NEWS.d/next/Documentation/2017-09-13-07-14-59.bpo-31432.yAY4Z3.rst [new file with mode: 0644] blob
Modules/_ssl.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.