expose X509_V_FLAG_TRUSTED_FIRST

commit: 72ef9610593bfee5f504f9070482a265ac5eac69 [log] [tgz]
author: Benjamin Peterson <benjamin@python.org> Wed Mar 04 22:49:41 2015 -0500
committer: Benjamin Peterson <benjamin@python.org> Wed Mar 04 22:49:41 2015 -0500
tree: 33837c10c7d44aa8a631d435140f73453e89003a
parent: b1ebba5bd569ede9b6f9573d6618fb3a6abddae5 [diff] [blame]
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index b261eee..d328c2b 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst

@@ -482,9 +482,9 @@
 
 .. data:: VERIFY_DEFAULT
 
-   Possible value for :attr:`SSLContext.verify_flags`. In this mode,
-   certificate revocation lists (CRLs) are not checked. By default OpenSSL
-   does neither require nor verify CRLs.
+   Possible value for :attr:`SSLContext.verify_flags`. In this mode, certificate
+   revocation lists (CRLs) are not checked. By default OpenSSL does neither
+   require nor verify CRLs.
 
    .. versionadded:: 2.7.9
 
@@ -512,6 +512,14 @@
 
    .. versionadded:: 2.7.9
 
+.. data:: VERIFY_X509_TRUSTED_FIRST
+
+   Possible value for :attr:`SSLContext.verify_flags`. It instructs OpenSSL to
+   prefer trusted certificates when building the trust chain to validate a
+   certificate. This flag is enabled by default.
+
+   .. versionadded:: 2.7.10
+
 .. data:: PROTOCOL_SSLv23
 
    Selects the highest protocol version that both the client and server support.
commit	72ef9610593bfee5f504f9070482a265ac5eac69	[log] [tgz]
author	Benjamin Peterson <benjamin@python.org>	Wed Mar 04 22:49:41 2015 -0500
committer	Benjamin Peterson <benjamin@python.org>	Wed Mar 04 22:49:41 2015 -0500
tree	33837c10c7d44aa8a631d435140f73453e89003a
parent	b1ebba5bd569ede9b6f9573d6618fb3a6abddae5 [diff] [blame]