mirror of https://github.com/python/cpython
0876b921b2
This adds `VERIFY_X509_STRICT` to make the default SSL context perform stricter (per RFC 5280) validation, as well as `VERIFY_X509_PARTIAL_CHAIN` to enforce more standards-compliant path-building behavior. As part of this changeset, I had to tweak `make_ssl_certs.py` slightly to emit 5280-conforming CA certs. This changeset includes the regenerated certificates after that change. Signed-off-by: William Woodruff <william@yossarian.net> Co-authored-by: Victor Stinner <vstinner@python.org> |
||
|---|---|---|
| .. | ||
| capath | ||
| allsans.pem | ||
| badcert.pem | ||
| badkey.pem | ||
| ffdh3072.pem | ||
| idnsans.pem | ||
| keycert.passwd.pem | ||
| keycert.pem | ||
| keycert2.pem | ||
| keycert3.pem | ||
| keycert4.pem | ||
| keycertecc.pem | ||
| leaf-missing-aki.ca.pem | ||
| leaf-missing-aki.keycert.pem | ||
| make_ssl_certs.py | ||
| nokia.pem | ||
| nosan.pem | ||
| nullbytecert.pem | ||
| nullcert.pem | ||
| pycacert.pem | ||
| pycakey.pem | ||
| revocation.crl | ||
| secp384r1.pem | ||
| selfsigned_pythontestdotnet.pem | ||
| ssl_cert.pem | ||
| ssl_key.passwd.pem | ||
| ssl_key.pem | ||
| talos-2019-0758.pem | ||