(original) (raw)

changeset: 89536:1508c4c9e747 user: R David Murray rdmurray@bitdance.com date: Sun Mar 09 17:01:34 2014 -0400 files: Doc/whatsnew/3.4.rst description: whatsnew: SSLContext.verify_flags and constants. (#8813) diff -r 42599de6a4de -r 1508c4c9e747 Doc/whatsnew/3.4.rst --- a/Doc/whatsnew/3.4.rst Sun Mar 09 14:47:58 2014 -0700 +++ b/Doc/whatsnew/3.4.rst Sun Mar 09 17:01:34 2014 -0400 @@ -1305,6 +1305,14 @@ ``X509v3`` extension items: ``crlDistributionPoints``, ``calIssuers``, and ``OCSP`` URIs. (Contributed by Christian Heimes in :issue:`18379`.) +If OpenSSL 0.9.8 or later is available, :class:`~ssl.SSLContext` has an new +attribute :attr:`~ssl.SSLContext.verify_flags` that can be used to control the +certificate verification process by setting it to some combination of the new +constants :data:`~ssl.VERIFY_DEFAULT`, :data:`~ssl.VERIFY_CRL_CHECK_LEAF`, +:data:`~ssl.VERIFY_CRL_CHECK_CHAIN`, or :data:`~ssl.VERIFY_X509_STRICT`. +OpenSSL does not do any CRL verification by default. (Contributed by +Christien Heimes in :issue:`8813`.) + stat ---- /rdmurray@bitdance.com