bpo-40849: Expose X509_V_FLAG_PARTIAL_CHAIN ssl flag (GH-20463)

This short PR exposes an openssl flag that wasn't exposed. I've also updated to doc to reflect the change. It's heavily inspired by 990fcaac3c428569697f62a80fd95ab4d4b93151.
author: l0x <37248016+l0x-c0d3z@users.noreply.github.com> 2021-04-19 11:51:18 (GMT)
committer: GitHub <noreply@github.com> 2021-04-19 11:51:18 (GMT)
commit: 64d975202f7a91cb8c61a050fafb4e934fcbaa4e (patch)
tree: 82da5e11cebb3462224f2afbfd8c9e40b8823961 /Doc/library
parent: d37b74f341c5a215e2fdd5eb4f8c0182f327635c (diff)
download: cpython-64d975202f7a91cb8c61a050fafb4e934fcbaa4e.zip
cpython-64d975202f7a91cb8c61a050fafb4e934fcbaa4e.tar.gz
cpython-64d975202f7a91cb8c61a050fafb4e934fcbaa4e.tar.bz2
1 files changed, 11 insertions, 0 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index c954d9c..b9e5435 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -650,6 +650,17 @@ Constants
 
    .. versionadded:: 3.4.4
 
+.. data:: VERIFY_X509_PARTIAL_CHAIN
+
+   Possible value for :attr:`SSLContext.verify_flags`. It instructs OpenSSL to
+   accept intermediate CAs in the trust store to be treated as trust-anchors,
+   in the same way as the self-signed root CA certificates. This makes it
+   possible to trust certificates issued by an intermediate CA without having
+   to trust its ancestor root CA.
+
+   .. versionadded:: 3.10
+
+
 .. class:: VerifyFlags
 
    :class:`enum.IntFlag` collection of VERIFY_* constants.
author	l0x <37248016+l0x-c0d3z@users.noreply.github.com>	2021-04-19 11:51:18 (GMT)
committer	GitHub <noreply@github.com>	2021-04-19 11:51:18 (GMT)
commit	64d975202f7a91cb8c61a050fafb4e934fcbaa4e (patch)
tree	82da5e11cebb3462224f2afbfd8c9e40b8823961 /Doc/library
parent	d37b74f341c5a215e2fdd5eb4f8c0182f327635c (diff)
download	cpython-64d975202f7a91cb8c61a050fafb4e934fcbaa4e.zip cpython-64d975202f7a91cb8c61a050fafb4e934fcbaa4e.tar.gz cpython-64d975202f7a91cb8c61a050fafb4e934fcbaa4e.tar.bz2