This adds `VERIFY_X509_STRICT` to make the default
SSL context perform stricter (per RFC 5280) validation, as well
as `VERIFY_X509_PARTIAL_CHAIN` to enforce more standards-compliant
path-building behavior.

As part of this changeset, I had to tweak `make_ssl_certs.py`
slightly to emit 5280-conforming CA certs. This changeset includes
the regenerated certificates after that change.

Signed-off-by: William Woodruff <william@yossarian.net>
Co-authored-by: Victor Stinner <vstinner@python.org>
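
An added example, not part of this commit or of CPython: a check that reports which of the two verify flags named above an `SSLContext` lacks, and sets them on interpreters whose `ssl.create_default_context()` does not already do so. The helper names `missing_flags`, `harden` and `client_context` are hypothetical.

```python
import ssl

# The two flags the commit message names. VERIFY_X509_PARTIAL_CHAIN is only
# exposed by the ssl module on newer Pythons, hence the getattr fallback.
WANTED = {
    "VERIFY_X509_STRICT": ssl.VERIFY_X509_STRICT,
    "VERIFY_X509_PARTIAL_CHAIN": getattr(ssl, "VERIFY_X509_PARTIAL_CHAIN", None),
}


def missing_flags(ctx):
    """Return the names of the wanted verify flags that are not set on ctx."""
    return [
        name
        for name, flag in WANTED.items()
        if flag is not None and not (ctx.verify_flags & flag)
    ]


def harden(ctx):
    """Set the wanted flags on ctx in place; return the names that were added."""
    added = missing_flags(ctx)
    for name in added:
        ctx.verify_flags |= WANTED[name]
    return added


def client_context(**kwargs):
    """Default client context with both flags set, whatever the interpreter's default."""
    ctx = ssl.create_default_context(**kwargs)
    harden(ctx)
    return ctx


if __name__ == "__main__":
    default = ssl.create_default_context()
    print("default context is missing:", missing_flags(default) or "nothing")
    print("after harden():", missing_flags(client_context()) or "nothing")
```

Strict validation can reject certificates that the previous default accepted, so run `missing_flags` against the contexts an application already builds and test against its real peers before applying `harden` everywhere.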