diff options
| author | Christian Heimes <christian@python.org> | 2018-06-11 22:59:45 (GMT) |
|---|---|---|
| committer | Ned Deily <nad@python.org> | 2018-06-11 22:59:45 (GMT) |
| commit | ef24b6c54d40e7820456873a6eab6ef57d2bd0db (patch) | |
| tree | 453f2603e01d16c2be2e5b280e0fc70c6061bbb5 /Modules/_ssl.c | |
| parent | 4b704f29f5a0b6f6d7bd67468ed004bd3a96855d (diff) | |
| download | cpython-ef24b6c54d40e7820456873a6eab6ef57d2bd0db.zip cpython-ef24b6c54d40e7820456873a6eab6ef57d2bd0db.tar.gz cpython-ef24b6c54d40e7820456873a6eab6ef57d2bd0db.tar.bz2 | |
bpo-31432: Clarify ssl CERT_NONE/OPTIONAL/REQUIRED docs. (GH-3530)
The documentation for CERT_NONE, CERT_OPTIONAL, and CERT_REQUIRED were
misleading and partly wrong. It fails to explain that OpenSSL behaves
differently in client and server mode. Also OpenSSL does validate the
cert chain everytime. With SSL_VERIFY_NONE a validation error is not
fatal in client mode and does not request a client cert in server mode.
Also discourage people from using CERT_OPTIONAL in client mode.
Diffstat (limited to 'Modules/_ssl.c')
| -rw-r--r-- | Modules/_ssl.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 2bce481..00d648d 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -2066,7 +2066,7 @@ static int PySSL_set_context(PySSLSocket *self, PyObject *value, SSL_set_SSL_CTX(self->ssl, self->ctx->ctx); #endif } else { - PyErr_SetString(PyExc_TypeError, "The value must be a SSLContext"); + PyErr_SetString(PyExc_TypeError, "The value must be an SSLContext."); return -1; } @@ -2725,7 +2725,7 @@ static int PySSL_set_session(PySSLSocket *self, PyObject *value, int result; if (!PySSLSession_Check(value)) { - PyErr_SetString(PyExc_TypeError, "Value is not a SSLSession."); + PyErr_SetString(PyExc_TypeError, "Value is not an SSLSession."); return -1; } pysess = (PySSLSession *)value; |