granicus.if.org Git - python/commit

]> granicus.if.org Git - python/commit

author	Ned Deily <nad@python.org>
	Tue, 12 Jun 2018 01:44:58 +0000 (21:44 -0400)
committer	GitHub <noreply@github.com>
	Tue, 12 Jun 2018 01:44:58 +0000 (21:44 -0400)
commit	e25757408dc22561af9f9589c2c7e2a2fbb66ee4
tree	d7e58993726733ba646f16b997b81ddb88f4480f	tree \| snapshot
parent	2023eafd9a0554823cab5adf5a1b116d7984db98	commit \| diff

bpo-31432: Clarify ssl CERT_NONE/OPTIONAL/REQUIRED docs. (GH-3530) (GH-7652)

The documentation for CERT_NONE, CERT_OPTIONAL, and CERT_REQUIRED were
misleading and partly wrong. It fails to explain that OpenSSL behaves
differently in client and server mode. Also OpenSSL does validate the
cert chain everytime. With SSL_VERIFY_NONE a validation error is not
fatal in client mode and does not request a client cert in server mode.
Also discourage people from using CERT_OPTIONAL in client mode.

Doc/library/ssl.rst		diff \| blob \| history
Misc/NEWS.d/next/Documentation/2017-09-13-07-14-59.bpo-31432.yAY4Z3.rst	[new file with mode: 0644]	blob

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom