From c3d9c5ca0a74f0eedc228640977d6be1c2ddc176 Mon Sep 17 00:00:00 2001 From: Benjamin Peterson Date: Wed, 4 Mar 2015 23:18:48 -0500 Subject: [PATCH 1/2] adjust test_crl_check for trusted first being default --- Lib/test/test_ssl.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py index 6353e230d60..779b622d840 100644 --- a/Lib/test/test_ssl.py +++ b/Lib/test/test_ssl.py @@ -2007,7 +2007,8 @@ else: context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) context.verify_mode = ssl.CERT_REQUIRED context.load_verify_locations(SIGNING_CA) - self.assertEqual(context.verify_flags, ssl.VERIFY_DEFAULT) + tf = getattr(ssl, "VERIFY_X509_TRUSTED_FIRST", 0) + self.assertEqual(context.verify_flags, ssl.VERIFY_DEFAULT | tf) # VERIFY_DEFAULT should pass server = ThreadedEchoServer(context=server_context, chatty=True) From 7bcf9a558817a4fce48b81cd9696aff9b961d978 Mon Sep 17 00:00:00 2001 From: Benjamin Peterson Date: Wed, 4 Mar 2015 23:18:57 -0500 Subject: [PATCH 2/2] use _import_symbols to import VERIFY_* constants --- Lib/ssl.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Lib/ssl.py b/Lib/ssl.py index 72115e4465b..ec42e38d086 100644 --- a/Lib/ssl.py +++ b/Lib/ssl.py @@ -103,8 +103,6 @@ from _ssl import ( SSLSyscallError, SSLEOFError, ) from _ssl import CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED -from _ssl import (VERIFY_DEFAULT, VERIFY_CRL_CHECK_LEAF, VERIFY_CRL_CHECK_CHAIN, - VERIFY_X509_STRICT) from _ssl import txt2obj as _txt2obj, nid2obj as _nid2obj from _ssl import RAND_status, RAND_add, RAND_bytes, RAND_pseudo_bytes try: @@ -122,6 +120,7 @@ _import_symbols('OP_') _import_symbols('ALERT_DESCRIPTION_') _import_symbols('SSL_ERROR_') _import_symbols('PROTOCOL_') +_import_symbols('VERIFY_') from _ssl import HAS_SNI, HAS_ECDH, HAS_NPN