This commit is contained in:
Benjamin Peterson 2015-03-04 22:11:48 -05:00
commit b64ae7bf2d
2 changed files with 12 additions and 0 deletions

View File

@ -13,6 +13,9 @@ Core and Builtins
Library
-------
- Issue #23476: In the ssl module, enable OpenSSL's X509_V_FLAG_TRUSTED_FIRST
flag on certificate stores when it is available.
- Issue #23576: Avoid stalling in SSL reads when EOF has been reached in the
SSL layer but the underlying connection hasn't been closed.

View File

@ -2199,6 +2199,15 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
sizeof(SID_CTX));
#undef SID_CTX
#ifdef X509_V_FLAG_TRUSTED_FIRST
{
/* Improve trust chain building when cross-signed intermediate
certificates are present. See https://bugs.python.org/issue23476. */
X509_STORE *store = SSL_CTX_get_cert_store(self->ctx);
X509_STORE_set_flags(store, X509_V_FLAG_TRUSTED_FIRST);
}
#endif
return (PyObject *)self;
}