author | l0x <37248016+l0x-c0d3z@users.noreply.github.com> | 2021-04-19 11:51:18 (GMT) |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-19 11:51:18 (GMT) |
commit | 64d975202f7a91cb8c61a050fafb4e934fcbaa4e (patch) | |
tree | 82da5e11cebb3462224f2afbfd8c9e40b8823961 | |
parent | d37b74f341c5a215e2fdd5eb4f8c0182f327635c (diff) | |
bpo-40849: Expose X509_V_FLAG_PARTIAL_CHAIN ssl flag (GH-20463)
This short PR exposes an openssl flag that wasn't exposed. I've also updated the doc to reflect the change. It's heavily inspired by 990fcaac3c428569697f62a80fd95ab4d4b93151.
-rw-r--r-- | Doc/library/ssl.rst | 11 | ||||
-rw-r--r-- | Misc/ACKS | 1 | ||||
-rw-r--r-- | Misc/NEWS.d/next/Library/2020-06-02-21-32-33.bpo-40849.zpeKx3.rst | 1 | ||||
-rw-r--r-- | Modules/_ssl.c | 5 |
4 files changed, 18 insertions, 0 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index c954d9c..b9e5435 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -650,6 +650,17 @@ Constants .. versionadded:: 3.4.4 +.. data:: VERIFY_X509_PARTIAL_CHAIN + + Possible value for :attr:`SSLContext.verify_flags`. It instructs OpenSSL to + accept intermediate CAs in the trust store to be treated as trust-anchors, + in the same way as the self-signed root CA certificates. This makes it + possible to trust certificates issued by an intermediate CA without having + to trust its ancestor root CA. + + .. versionadded:: 3.10 + + .. class:: VerifyFlags :class:`enum.IntFlag` collection of VERIFY_* constants. @@ -157,6 +157,7 @@ Michel Van den Bergh Julian Berman Brice Berna Olivier Bernard +Vivien Bernet-Rollande Maxwell Bernstein Eric Beser Steven Bethard diff --git a/Misc/NEWS.d/next/Library/2020-06-02-21-32-33.bpo-40849.zpeKx3.rst b/Misc/NEWS.d/next/Library/2020-06-02-21-32-33.bpo-40849.zpeKx3.rst new file mode 100644 index 0000000..032a65d --- /dev/null +++ b/Misc/NEWS.d/next/Library/2020-06-02-21-32-33.bpo-40849.zpeKx3.rst @@ -0,0 +1 @@ +Expose X509_V_FLAG_PARTIAL_CHAIN ssl flag diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 934c59e..4b84014 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -5630,6 +5630,11 @@ sslmodule_init_constants(PyObject *m) PyModule_AddIntConstant(m, "VERIFY_X509_TRUSTED_FIRST", X509_V_FLAG_TRUSTED_FIRST); +#ifdef X509_V_FLAG_PARTIAL_CHAIN + PyModule_AddIntConstant(m, "VERIFY_X509_PARTIAL_CHAIN", + X509_V_FLAG_PARTIAL_CHAIN); +#endif + /* Alert Descriptions from ssl.h */ /* note RESERVED constants no longer intended for use have been removed */ /* http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-6 */ |
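Review bot: The `#ifdef X509_V_FLAG_PARTIAL_CHAIN` guard in the `Modules/_ssl.c` hunk leaves `ssl.VERIFY_X509_PARTIAL_CHAIN` undefined on builds whose OpenSSL headers lack the macro, yet the `Doc/library/ssl.rst` entry added in this commit documents the constant with no availability caveat, so code that reads the attribute unconditionally would presumably raise AttributeError on such builds. I would state the condition in the docs and add a comment above the guard, for example `/* Treats intermediate CAs in the trust store as trust anchors, so chain building may stop at a non-self-signed certificate. Only defined when the OpenSSL headers provide it. */`. The diffstat lists no test file, so a test that sets the flag on `SSLContext.verify_flags` and reads it back when the constant exists would be worth adding. `sslmodule_init_constants` begins and ends outside the hunk.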