Christian Heimes added the comment: As expected it is much harder to get the full certification chain from OpenSSL than I initially expected. SSL_get_peer_cert_chain() doesn't return the root CA's certificate. The new patch introduces a validation mode and uses X509_verify_cert(*X509_STORE_CTX) + X509_STORE_CTX_get1_chain() to build a full chain.
---------- Added file: http://bugs.python.org/file30622/ssl_peerchertchain2.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue18233> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
