[issue28671] SSL server requesting client certificates should send CA list

Changes by Christian Heimes : -- assignee: christian.heimes -> stage: -> needs patch versions: +Python 3.7 ___ Python tracker ___ __

[issue28671] SSL server requesting client certificates should send CA list

Christian Heimes added the comment: It sounds like a sensible request. Documentation links: https://wiki.openssl.org/index.php/Manual:SSL_CTX_set_client_CA_list(3) https://wiki.openssl.org/index.php/Manual:SSL_load_client_CA_file(3) -- nosy: +alex, dstufft, janssen ___

[issue28671] SSL server requesting client certificates should send CA list

New submission from Kevin Chen: When a Python HTTPS server requests client certificates, it should send a CA list so the client knows which certificates are acceptable. It looks like right now Python calls SSL_CTX_load_verify_locations, so once the client certificate is sent, Python can verify