New submission from l0x <l...@protonmail.com>:
This simple patch exposes OpenSSL's X509_V_FLAG_PARTIAL_CHAIN if it is defined. This lets us trust a certificate if it is signed by a certificate in the trust store, even if that CA is not a root CA. It makes it possible to trust an intermediate CA without trusting the root and all the other intermediate CAs it has signed. ---------- assignee: christian.heimes components: SSL messages: 370621 nosy: christian.heimes, l0x priority: normal pull_requests: 19828 severity: normal status: open title: Expose X509_V_FLAG_PARTIAL_CHAIN ssl flag type: enhancement _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue40849> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
