diff options
author | Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> | 2019-06-30 23:51:40 -0700 |
---|---|---|
committer | Ned Deily <nad@python.org> | 2019-07-01 22:27:58 -0400 |
commit | 5b45fb0a449543fab6e7b606e51b739cb316d3c4 (patch) | |
tree | faddc0122ba3e2179cd945341d49e6d341be67f8 /Misc | |
parent | 3e24dd52bba863fce4f3c6a34ca9f813666ed181 (diff) | |
download | cpython-git-5b45fb0a449543fab6e7b606e51b739cb316d3c4.tar.gz |
[3.7] bpo-37428: Don't set PHA verify flag on client side (GH-14421) (GH-14493)
SSLContext.post_handshake_auth = True no longer sets
SSL_VERIFY_POST_HANDSHAKE verify flag for client connections. Although the
option is documented as ignored for clients, OpenSSL implicitly enables cert
chain validation when the flag is set.
Signed-off-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue37428
(cherry picked from commit f0f5930ac88482ef896283db5be9b8d508d077db)
Co-authored-by: Christian Heimes <christian@python.org>
https://bugs.python.org/issue37428
Diffstat (limited to 'Misc')
-rw-r--r-- | Misc/NEWS.d/next/Library/2019-06-27-13-27-02.bpo-37428._wcwUd.rst | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/Misc/NEWS.d/next/Library/2019-06-27-13-27-02.bpo-37428._wcwUd.rst b/Misc/NEWS.d/next/Library/2019-06-27-13-27-02.bpo-37428._wcwUd.rst new file mode 100644 index 0000000000..2cdce6b24d --- /dev/null +++ b/Misc/NEWS.d/next/Library/2019-06-27-13-27-02.bpo-37428._wcwUd.rst @@ -0,0 +1,4 @@ +SSLContext.post_handshake_auth = True no longer sets +SSL_VERIFY_POST_HANDSHAKE verify flag for client connections. Although the +option is documented as ignored for clients, OpenSSL implicitly enables cert +chain validation when the flag is set. |