New submission from Christian Heimes:

The new method SSLContext.get_ca_certs() returns all certificates in the context's trusted X509_STORE. I recently found out that it is possible to put a self-signed certificate into the store and use it successfully with verify_mode CERT_REQUIRED. get_ca_certs() doesn't return the cert although it is used to successfully validate a remote cert.

I propose to modify and rename the function and to add a "check_ca" to the dict that is returned by getpeercert().

----------
components: Extension Modules
messages: 206347
nosy: christian.heimes
priority: normal
severity: normal
stage: test needed
status: open
title: SSLContext.get_ca_certs() and self-signed certs
type: behavior
versions: Python 3.4

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue20000>
_______________________________________