Issue 28671: SSL server requesting client certificates should send CA list (original) (raw)

When a Python HTTPS server requests client certificates, it should send a CA list so the client knows which certificates are acceptable.

It looks like right now Python calls SSL_CTX_load_verify_locations, so once the client certificate is sent, Python can verify whether the client against the specify CAs. However, it looks like Python should also call SSL_CTX_set_client_CA_list so the client knows which certificates to send.