diff options
| author | William Woodruff <william@yossarian.net> | 2024-03-06 21:44:58 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-03-06 21:44:58 (GMT) |
| commit | 0876b921b28bb14e3fa61b188e52fc9b4c77cb1a (patch) | |
| tree | 62bc49024ede52d872ea9a270390bb338709b653 /.gitattributes | |
| parent | ea1803e608a7aaf9cf2c07e510d8540d46d3b9ad (diff) | |
| download | cpython-0876b921b28bb14e3fa61b188e52fc9b4c77cb1a.zip cpython-0876b921b28bb14e3fa61b188e52fc9b4c77cb1a.tar.gz cpython-0876b921b28bb14e3fa61b188e52fc9b4c77cb1a.tar.bz2 | |
gh-107361: strengthen default SSL context flags (#112389)
This adds `VERIFY_X509_STRICT` to make the default
SSL context perform stricter (per RFC 5280) validation, as well
as `VERIFY_X509_PARTIAL_CHAIN` to enforce more standards-compliant
path-building behavior.
As part of this changeset, I had to tweak `make_ssl_certs.py`
slightly to emit 5280-conforming CA certs. This changeset includes
the regenerated certificates after that change.
Signed-off-by: William Woodruff <william@yossarian.net>
Co-authored-by: Victor Stinner <vstinner@python.org>
Diffstat (limited to '.gitattributes')
| -rw-r--r-- | .gitattributes | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/.gitattributes b/.gitattributes index 4f82cea..5b81d2c 100644 --- a/.gitattributes +++ b/.gitattributes @@ -83,6 +83,8 @@ Include/opcode_ids.h generated Include/token.h generated Lib/_opcode_metadata.py generated Lib/keyword.py generated +Lib/test/certdata/*.pem generated +Lib/test/certdata/*.0 generated Lib/test/levenshtein_examples.json generated Lib/test/test_stable_abi_ctypes.py generated Lib/token.py generated |