merge 3.4 (#23476)
commit
b64ae7bf2d
|
@ -13,6 +13,9 @@ Core and Builtins
|
|||
Library
|
||||
-------
|
||||
|
||||
- Issue #23476: In the ssl module, enable OpenSSL's X509_V_FLAG_TRUSTED_FIRST
|
||||
flag on certificate stores when it is available.
|
||||
|
||||
- Issue #23576: Avoid stalling in SSL reads when EOF has been reached in the
|
||||
SSL layer but the underlying connection hasn't been closed.
|
||||
|
||||
|
|
|
@ -2199,6 +2199,15 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
|
|||
sizeof(SID_CTX));
|
||||
#undef SID_CTX
|
||||
|
||||
#ifdef X509_V_FLAG_TRUSTED_FIRST
|
||||
{
|
||||
/* Improve trust chain building when cross-signed intermediate
|
||||
certificates are present. See https://bugs.python.org/issue23476. */
|
||||
X509_STORE *store = SSL_CTX_get_cert_store(self->ctx);
|
||||
X509_STORE_set_flags(store, X509_V_FLAG_TRUSTED_FIRST);
|
||||
}
|
||||
#endif
|
||||
|
||||
return (PyObject *)self;
|
||||
}
|
||||
|
||||
|
|
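Review bot: The `X509_STORE_set_flags(store, X509_V_FLAG_TRUSTED_FIRST);` call in the new `#ifdef X509_V_FLAG_TRUSTED_FIRST` block discards its return value. If the call ever failed, the context would be returned with the old chain-building order and nothing would report it. Checking the result, `if (!X509_STORE_set_flags(store, X509_V_FLAG_TRUSTED_FIRST)) { /* report the OpenSSL error as context_new does elsewhere */ }`, keeps the failure visible; the existing error path of `context_new` begins outside this hunk, so the exact cleanup has to follow what is done there. Because the block is compiled only when the OpenSSL headers define the macro, the comment should also say so and describe the effect, for example `/* Prefer issuers from the trust store over peer-supplied ones when building the chain; compiled out when the OpenSSL headers lack the flag. */`. A test asserting the flag on a fresh context, skipped when the macro is absent, would catch builds that silently keep the old behaviour.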