]> granicus.if.org Git - python/commit
projects / python / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ee72dda) | patch
[3.8] bpo-37428: Don't set PHA verify flag on client side (GH-14494)
authorChristian Heimes <christian@python.org>
Mon, 1 Jul 2019 07:25:48 +0000 (09:25 +0200)
committerGitHub <noreply@github.com>
Mon, 1 Jul 2019 07:25:48 +0000 (09:25 +0200)
commitf22c4cf11d10f52faa86e0b308dd28f11819efd8
treea221e4d3841ffe1ddd8bae9324d7a07237fa3d88tree | snapshot
parentee72dda9616258b57c19eb5af00f3e80a3fb8e22commit | diff
[3.8] bpo-37428: Don't set PHA verify flag on client side (GH-14494)

SSLContext.post_handshake_auth = True no longer sets
SSL_VERIFY_POST_HANDSHAKE verify flag for client connections. Although the
option is documented as ignored for clients, OpenSSL implicitly enables cert
chain validation when the flag is set.

Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue37428
(cherry picked from commit f0f5930ac88482ef896283db5be9b8d508d077db)
Lib/test/test_ssl.py diff | blob | history
Misc/NEWS.d/next/Library/2019-06-27-13-27-02.bpo-37428._wcwUd.rst [new file with mode: 0644] blob
Modules/_ssl.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.