whatsnew: SSLContext.verify_flags and constants. (#8813)

author: R David Murray <rdmurray@bitdance.com> 2014-03-09 21:01:34 (GMT)
committer: R David Murray <rdmurray@bitdance.com> 2014-03-09 21:01:34 (GMT)
commit: 6978722828b5be0ad1ce562acf660033c93e034e (patch)
tree: 5b2bb8001e3808993afa0a31806bb5f6816b6b4e /Doc
parent: e5127299c86666080c50e8b7c76e70c3b968ada2 (diff)
download: cpython-6978722828b5be0ad1ce562acf660033c93e034e.zip
cpython-6978722828b5be0ad1ce562acf660033c93e034e.tar.gz
cpython-6978722828b5be0ad1ce562acf660033c93e034e.tar.bz2
1 files changed, 8 insertions, 0 deletions
diff --git a/Doc/whatsnew/3.4.rst b/Doc/whatsnew/3.4.rst
index d63d769..dac4525 100644
--- a/Doc/whatsnew/3.4.rst
+++ b/Doc/whatsnew/3.4.rst
@@ -1305,6 +1305,14 @@ The dictionary returned by :meth:`.SSLSocket.getpeercert` contains additional
 ``X509v3`` extension items: ``crlDistributionPoints``, ``calIssuers``, and
 ``OCSP`` URIs.  (Contributed by Christian Heimes in :issue:`18379`.)
 
+If OpenSSL 0.9.8 or later is available, :class:`~ssl.SSLContext` has an new
+attribute :attr:`~ssl.SSLContext.verify_flags` that can be used to control the
+certificate verification process by setting it to some combination of the new
+constants :data:`~ssl.VERIFY_DEFAULT`, :data:`~ssl.VERIFY_CRL_CHECK_LEAF`,
+:data:`~ssl.VERIFY_CRL_CHECK_CHAIN`, or :data:`~ssl.VERIFY_X509_STRICT`.
+OpenSSL does not do any CRL verification by default.  (Contributed by
+Christien Heimes in :issue:`8813`.)
+
 
 stat
 ----
author	R David Murray <rdmurray@bitdance.com>	2014-03-09 21:01:34 (GMT)
committer	R David Murray <rdmurray@bitdance.com>	2014-03-09 21:01:34 (GMT)
commit	6978722828b5be0ad1ce562acf660033c93e034e (patch)
tree	5b2bb8001e3808993afa0a31806bb5f6816b6b4e /Doc
parent	e5127299c86666080c50e8b7c76e70c3b968ada2 (diff)
download	cpython-6978722828b5be0ad1ce562acf660033c93e034e.zip cpython-6978722828b5be0ad1ce562acf660033c93e034e.tar.gz cpython-6978722828b5be0ad1ce562acf660033c93e034e.tar.bz2