[issue20000] SSLContext.get_ca_certs() and self-signed certs
Christian Heimes
report at bugs.python.org
Tue Dec 17 13:03:40 CET 2013
Christian Heimes added the comment:
> Interesting. Is it because of the way you implemented get_ca_certs()?
Yes, it's the line
http://hg.python.org/cpython/file/b78de8029606/Modules/_ssl.c#l3103
that skips all certs that are not recognized as CA certs. I wasn't aware
that OpenSSL supports self-signed certs that way.
> Can you explain? What does "check_ca" mean?
The return value of X509_check_ca().
http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=crypto/x509v3/v3_purp.c;h=6c40c7dfc318e4b46fc20d38581ad3656e344b5e;hb=HEAD#l517
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue20000>
_______________________________________
More information about the Python-bugs-list
mailing list