diff options
| author | Benjamin Peterson <benjamin@python.org> | 2015-03-05 03:49:41 (GMT) |
|---|---|---|
| committer | Benjamin Peterson <benjamin@python.org> | 2015-03-05 03:49:41 (GMT) |
| commit | 990fcaac3c428569697f62a80fd95ab4d4b93151 (patch) | |
| tree | 5bcaae3384ac88a2749f9422f72708c6a2faa1e7 /Doc | |
| parent | fdb19715879babc580f63bc129f5b0ff46482d1c (diff) | |
| download | cpython-990fcaac3c428569697f62a80fd95ab4d4b93151.zip cpython-990fcaac3c428569697f62a80fd95ab4d4b93151.tar.gz cpython-990fcaac3c428569697f62a80fd95ab4d4b93151.tar.bz2 | |
expose X509_V_FLAG_TRUSTED_FIRST
Diffstat (limited to 'Doc')
| -rw-r--r-- | Doc/library/ssl.rst | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst index 015e0db..bb30d0f 100644 --- a/Doc/library/ssl.rst +++ b/Doc/library/ssl.rst @@ -499,9 +499,9 @@ Constants .. data:: VERIFY_DEFAULT - Possible value for :attr:`SSLContext.verify_flags`. In this mode, - certificate revocation lists (CRLs) are not checked. By default OpenSSL - does neither require nor verify CRLs. + Possible value for :attr:`SSLContext.verify_flags`. In this mode, certificate + revocation lists (CRLs) are not checked. By default OpenSSL does neither + require nor verify CRLs. .. versionadded:: 3.4 @@ -529,6 +529,14 @@ Constants .. versionadded:: 3.4 +.. data:: VERIFY_X509_TRUSTED_FIRST + + Possible value for :attr:`SSLContext.verify_flags`. It instructs OpenSSL to + prefer trusted certificates when building the trust chain to validate a + certificate. This flag is enabled by default. + + .. versionadded:: 3.4.5 + .. data:: PROTOCOL_SSLv23 Selects the highest protocol version that both the client and server support. |