cpython: 1508c4c9e747 (original) (raw)
Mercurial > cpython
changeset 89536:1508c4c9e747
whatsnew: SSLContext.verify_flags and constants. (#8813) [#8813]
| R David Murray rdmurray@bitdance.com | |
|---|---|
| date | Sun, 09 Mar 2014 17:01:34 -0400 |
| parents | 42599de6a4de |
| children | ac2ee9fc353a |
| files | Doc/whatsnew/3.4.rst |
| diffstat | 1 files changed, 8 insertions(+), 0 deletions(-)[+] [-] Doc/whatsnew/3.4.rst 8 |
line wrap: on
line diff
--- a/Doc/whatsnew/3.4.rst
+++ b/Doc/whatsnew/3.4.rst
@@ -1305,6 +1305,14 @@ The dictionary returned by :meth:.SSLSo[](#l1.3) ``X509v3`` extension items: ``crlDistributionPoints``, ``calIssuers``, and[](#l1.4) ``OCSP`` URIs. (Contributed by Christian Heimes in :issue:18379.)[](#l1.5) [](#l1.6) +If OpenSSL 0.9.8 or later is available, :class:ssl.SSLContextssl.SSLContext.verify_flags has an new[](#l1.7) +attribute :attr: that can be used to control the[](#l1.8) +certificate verification process by setting it to some combination of the new[](#l1.9) +constants :data:ssl.VERIFY_DEFAULTssl.VERIFY_CRL_CHECK_LEAF, :data:,[](#l1.10) +:data:ssl.VERIFY_CRL_CHECK_CHAINssl.VERIFY_X509_STRICT, or :data:.[](#l1.11) +OpenSSL does not do any CRL verification by default. (Contributed by[](#l1.12) +Christien Heimes in :issue:8813`.)
+
stat
----