author | Benjamin Peterson <benjamin@python.org> | 2015-03-04 22:11:12 -0500 |
---|---|---|
committer | Benjamin Peterson <benjamin@python.org> | 2015-03-04 22:11:12 -0500 |
commit | b1ebba5bd569ede9b6f9573d6618fb3a6abddae5 (patch) | |
tree | 5dbb4bf92d461244db3722469bc6eb45df7534d5 /Modules/_ssl.c | |
parent | 34c8d9830699c9695284862b879e28480596330d (diff) | |
download | cpython-git-b1ebba5bd569ede9b6f9573d6618fb3a6abddae5.tar.gz |
enable X509_V_FLAG_TRUSTED_FIRST when possible (closes #23476)
Diffstat (limited to 'Modules/_ssl.c')
-rw-r--r-- | Modules/_ssl.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index f9d66a1dd9..309d00bf78 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -2072,6 +2072,15 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
 sizeof(SID_CTX));
 #undef SID_CTX
+#ifdef X509_V_FLAG_TRUSTED_FIRST
+ {
+ /* Improve trust chain building when cross-signed intermediate
+ certificates are present. See https://bugs.python.org/issue23476. */
+ X509_STORE *store = SSL_CTX_get_cert_store(self->ctx);
+ X509_STORE_set_flags(store, X509_V_FLAG_TRUSTED_FIRST);
+ }
+#endif
+
 return (PyObject *)self;
 }
|
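Review bot: The new block at the end of context_new() enables X509_V_FLAG_TRUSTED_FIRST only when the OpenSSL headers define the macro, so the chain-building default now differs silently between builds, and nothing in the hunk records that or lets a caller find out which behaviour applies. The comment should say so, for example `/* Compile-time only: without this macro the old chain building stays in effect, so cross-signed chains may verify differently between builds. */`. The result of `X509_STORE_set_flags()` is also discarded; if that is deliberate, a `(void)` cast would make it explicit. It is worth confirming outside this hunk that any later assignment of the context's verify flags does not clear this bit, assuming that setter operates on the same store flags. The body of context_new starts before the hunk, so earlier error paths are not visible here.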