traverseda
/
cpython
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

bpo-39342: Expose X509_V_FLAG_ALLOW_PROXY_CERTS as ssl.VERIFY_ALLOW_PROXY_CERTS

This commit is contained in:
Chris Burr 2020-01-15 11:16:27 +01:00
parent 550e4673be
commit 89c354c941
4 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Doc/library/ssl.rst
View File

@ -634,6 +634,13 @@ Constants
.. versionadded:: 3.4
.. data:: VERIFY_ALLOW_PROXY_CERTS
Possible value for :attr:`SSLContext.verify_flags` to enables proxy
certificate verification.
.. versionadded:: 3.9
.. data:: VERIFY_X509_TRUSTED_FIRST
Possible value for :attr:`SSLContext.verify_flags`. It instructs OpenSSL to

2
Lib/test/test_ssl.py
View File

@ -1305,6 +1305,8 @@ class ContextTests(unittest.TestCase):
self.assertEqual(ctx.verify_flags, ssl.VERIFY_CRL_CHECK_CHAIN)
ctx.verify_flags = ssl.VERIFY_DEFAULT
self.assertEqual(ctx.verify_flags, ssl.VERIFY_DEFAULT)
ctx.verify_flags = ssl.VERIFY_ALLOW_PROXY_CERTS
self.assertEqual(ctx.verify_flags, ssl.VERIFY_ALLOW_PROXY_CERTS)
# supports any value
ctx.verify_flags = ssl.VERIFY_CRL_CHECK_LEAF | ssl.VERIFY_X509_STRICT
self.assertEqual(ctx.verify_flags,

4
Misc/NEWS.d/next/Library/2020-01-15-11-15-35.bpo-39342.S8PuJO.rst Normal file
View File

@ -0,0 +1,4 @@
Expose ``X509_V_FLAG_ALLOW_PROXY_CERTS`` as
:data:`~ssl.VERIFY_ALLOW_PROXY_CERTS` to allow proxy certificate validation
as explained in
https://www.openssl.org/docs/man1.1.1/man7/proxy-certificates.html.

2
Modules/_ssl.c
View File

@ -6181,6 +6181,8 @@ sslmodule_init_constants(PyObject *m)
X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
PyModule_AddIntConstant(m, "VERIFY_X509_STRICT",
X509_V_FLAG_X509_STRICT);
PyModule_AddIntConstant(m, "VERIFY_ALLOW_PROXY_CERTS",
X509_V_FLAG_ALLOW_PROXY_CERTS);
#ifdef X509_V_FLAG_TRUSTED_FIRST
PyModule_AddIntConstant(m, "VERIFY_X509_TRUSTED_FIRST",
X509_V_FLAG_TRUSTED_FIRST);