Issue 26471: load_verify_locations(cadata) should load AUX ASN.1 to supported trusted certs (original) (raw)
Issue26471
Created on 2016-03-02 12:24 by christian.heimes, last changed 2022-04-11 14:58 by admin.
| Messages (1) | ||
|---|---|---|
| msg261109 - (view) | Author: Christian Heimes (christian.heimes) *  |
Date: 2016-03-02 12:24 |
| https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_verify_locations can load certs from a file, a directory or from memory. OpenSSL's loaders for cafile and capath load auxiliary data of trusted certs. The custom loader for cadata ignores AUX data because it uses PEM_read_bio_X509() instead of PEM_read_bio_X509_AUX(). With the recent fix of OpenSSL 1.0.2 https://github.com/openssl/openssl/commit/a3baa171053547488475709c7197592c66e427cf trusted certificates now work again. I propose to change cadata to load trust settings, too. |
| History | |||
|---|---|---|---|
| Date | User | Action | Args |
| 2022-04-11 14:58:28 | admin | set | github: 70658 |
| 2018-02-25 20:24:46 | christian.heimes | set | priority: high -> normalversions: + Python 3.8, - Python 2.7, Python 3.5, Python 3.6, Python 3.7 |
| 2016-09-15 07:49:47 | christian.heimes | set | components: + SSL |
| 2016-09-09 00:02:33 | christian.heimes | set | priority: normal -> highassignee: christian.heimesversions: + Python 3.7 |
| 2016-06-12 11:22:52 | christian.heimes | set | assignee: christian.heimes -> (no value) |
| 2016-03-02 12:24:40 | christian.heimes | create |