merge 3.4 (#23476)

author: Benjamin Peterson <benjamin@python.org> 2015-03-05 03:11:48 (GMT)
committer: Benjamin Peterson <benjamin@python.org> 2015-03-05 03:11:48 (GMT)
commit: b64ae7bf2dcc010e6f0414d365e1ee4caba58ef0 (patch)
tree: 680f42ee0cf90cc88c41af0727fb1fa94cc09453 /Modules
parent: 2f0441f03f71c658148bff60be46585f56670d1f (diff)
parent: fdb19715879babc580f63bc129f5b0ff46482d1c (diff)
download: cpython-b64ae7bf2dcc010e6f0414d365e1ee4caba58ef0.zip
cpython-b64ae7bf2dcc010e6f0414d365e1ee4caba58ef0.tar.gz
cpython-b64ae7bf2dcc010e6f0414d365e1ee4caba58ef0.tar.bz2
1 files changed, 9 insertions, 0 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 4f23097..af68b94 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -2199,6 +2199,15 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
                                    sizeof(SID_CTX));
 #undef SID_CTX
 
+#ifdef X509_V_FLAG_TRUSTED_FIRST
+    {
+        /* Improve trust chain building when cross-signed intermediate
+           certificates are present. See https://bugs.python.org/issue23476. */
+        X509_STORE *store = SSL_CTX_get_cert_store(self->ctx);
+        X509_STORE_set_flags(store, X509_V_FLAG_TRUSTED_FIRST);
+    }
+#endif
+
     return (PyObject *)self;
 }
author	Benjamin Peterson <benjamin@python.org>	2015-03-05 03:11:48 (GMT)
committer	Benjamin Peterson <benjamin@python.org>	2015-03-05 03:11:48 (GMT)
commit	b64ae7bf2dcc010e6f0414d365e1ee4caba58ef0 (patch)
tree	680f42ee0cf90cc88c41af0727fb1fa94cc09453 /Modules
parent	2f0441f03f71c658148bff60be46585f56670d1f (diff)
parent	fdb19715879babc580f63bc129f5b0ff46482d1c (diff)
download	cpython-b64ae7bf2dcc010e6f0414d365e1ee4caba58ef0.zip cpython-b64ae7bf2dcc010e6f0414d365e1ee4caba58ef0.tar.gz cpython-b64ae7bf2dcc010e6f0414d365e1ee4caba58ef0.tar.bz2