-rw-r--r--Doc/library/ssl.rst7
-rw-r--r--Lib/test/test_ssl.py2
-rw-r--r--Misc/NEWS.d/next/Library/2020-01-15-11-15-35.bpo-39342.S8PuJO.rst4
-rw-r--r--Modules/_ssl.c2
4 files changed, 15 insertions, 0 deletions
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index 1cfd165..1adac84 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst
@@ -634,6 +634,13 @@ Constants
.. versionadded:: 3.4
+.. data:: VERIFY_ALLOW_PROXY_CERTS
+
+ Possible value for :attr:`SSLContext.verify_flags` to enables proxy
+ certificate verification.
+
+ .. versionadded:: 3.10
+
.. data:: VERIFY_X509_TRUSTED_FIRST
Possible value for :attr:`SSLContext.verify_flags`. It instructs OpenSSL to
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 67850c3..1710dda 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py
@@ -1305,6 +1305,8 @@ class ContextTests(unittest.TestCase):
self.assertEqual(ctx.verify_flags, ssl.VERIFY_CRL_CHECK_CHAIN)
ctx.verify_flags = ssl.VERIFY_DEFAULT
self.assertEqual(ctx.verify_flags, ssl.VERIFY_DEFAULT)
+ ctx.verify_flags = ssl.VERIFY_ALLOW_PROXY_CERTS
+ self.assertEqual(ctx.verify_flags, ssl.VERIFY_ALLOW_PROXY_CERTS)
# supports any value
ctx.verify_flags = ssl.VERIFY_CRL_CHECK_LEAF | ssl.VERIFY_X509_STRICT
self.assertEqual(ctx.verify_flags,
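Review bot: The two added lines only check that the flag value round-trips through the `verify_flags` setter; nothing here shows that a proxy-certificate chain is rejected under `VERIFY_DEFAULT` and accepted once `VERIFY_ALLOW_PROXY_CERTS` is set. Since the flag relaxes chain validation, a verification test against a proxy-certificate fixture would pin the behaviour it is meant to control. If that is out of scope for this commit, say so next to the assertion, e.g. `# round-trip only; proxy-cert chain acceptance is not exercised here`. The enclosing test method starts and ends outside the hunk.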
diff --git a/Misc/NEWS.d/next/Library/2020-01-15-11-15-35.bpo-39342.S8PuJO.rst b/Misc/NEWS.d/next/Library/2020-01-15-11-15-35.bpo-39342.S8PuJO.rst
new file mode 100644
index 0000000..6eb83a9
--- /dev/null
+++ b/Misc/NEWS.d/next/Library/2020-01-15-11-15-35.bpo-39342.S8PuJO.rst
@@ -0,0 +1,4 @@
+Expose ``X509_V_FLAG_ALLOW_PROXY_CERTS`` as
+:data:`~ssl.VERIFY_ALLOW_PROXY_CERTS` to allow proxy certificate validation
+as explained in
+https://www.openssl.org/docs/man1.1.1/man7/proxy-certificates.html.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 96d2796..bea144c 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -6181,6 +6181,8 @@ sslmodule_init_constants(PyObject *m)
X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
PyModule_AddIntConstant(m, "VERIFY_X509_STRICT",
X509_V_FLAG_X509_STRICT);
+ PyModule_AddIntConstant(m, "VERIFY_ALLOW_PROXY_CERTS",
+ X509_V_FLAG_ALLOW_PROXY_CERTS);
#ifdef X509_V_FLAG_TRUSTED_FIRST
PyModule_AddIntConstant(m, "VERIFY_X509_TRUSTED_FIRST",
X509_V_FLAG_TRUSTED_FIRST);
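Review bot: `X509_V_FLAG_ALLOW_PROXY_CERTS` is referenced unconditionally, while the very next constant, `X509_V_FLAG_TRUSTED_FIRST`, sits behind `#ifdef`. If any supported OpenSSL or LibreSSL build lacks the macro, compilation breaks, so either wrap the new call the same way (`#ifdef X509_V_FLAG_ALLOW_PROXY_CERTS` … `#endif`) or confirm the macro exists on every supported version. The flag also loosens verification, because with it set OpenSSL accepts proxy certificates issued by an end-entity certificate rather than a CA. A short comment above the line would make that visible to maintainers, e.g. `/* relaxes chain validation: accepts RFC 3820 proxy certificates; not part of VERIFY_DEFAULT */`. `sslmodule_init_constants` starts and ends outside the hunk.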