[issue22365] SSLContext.load_verify_locations(cadata) does not accept CRLs

Change by Christian Heimes : -- assignee: christian.heimes -> components: -Extension Modules priority: normal -> low versions: +Python 3.8 -Python 3.7 ___ Python tracker ___ _

[issue22365] SSLContext.load_verify_locations(cadata) does not accept CRLs

Christian Heimes added the comment: I'd rather not overload cadata with cert and CRL loading. It makes both code and usage messy. How about crldata argument? This would be a new feature, though. -- versions: -Python 3.6 ___ Python tracker

[issue22365] SSLContext.load_verify_locations(cadata) does not accept CRLs

Changes by Christian Heimes : -- assignee: -> christian.heimes components: +SSL ___ Python tracker ___ ___ Python-bugs-list mailing l

[issue22365] SSLContext.load_verify_locations(cadata) does not accept CRLs

Changes by Christian Heimes : -- stage: -> needs patch type: -> behavior versions: +Python 3.6, Python 3.7 -Python 3.4 ___ Python tracker ___ __

[issue22365] SSLContext.load_verify_locations(cadata) does not accept CRLs

Ralph Broenink added the comment: Here's a minimal example of the issue, assuming you have obtained a CRL in PEM format, e.g. from https://www.emulab.net/genicrl.bundle: import ssl context = ssl.create_default_context() path = 'path/to/crl.crl' # Working: context.load_ver

[issue22365] SSLContext.load_verify_locations(cadata) does not accept CRLs

Changes by Alex Gaynor : -- nosy: +alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou ___ Python tracker ___ ___ Pytho

[issue22365] SSLContext.load_verify_locations(cadata) does not accept CRLs

New submission from Ralph Broenink: Issue #18138 added support for the cadata argument in SSLContext.load_verify_locations. However, this argument does not support certificate revocation lists (CRLs) to be added (at least not in PEM format): ssl.SSLError: [PEM: NO_START_LINE] no start line