bpo-40849: Expose X509_V_FLAG_PARTIAL_CHAIN ssl flag (GH-20463) This short PR exposes an openssl flag that wasn't exposed. I've also updated to doc to reflect the change. It's heavily inspired by 990fcaac3c428569697f62a80fd95ab4d4b93151.

commit: 64d975202f7a91cb8c61a050fafb4e934fcbaa4e [log] [tgz]
author: l0x <37248016+l0x-c0d3z@users.noreply.github.com> Mon Apr 19 13:51:18 2021 +0200
committer: GitHub <noreply@github.com> Mon Apr 19 04:51:18 2021 -0700
tree: 82da5e11cebb3462224f2afbfd8c9e40b8823961
parent: d37b74f341c5a215e2fdd5eb4f8c0182f327635c [diff]
diff --git a/Doc/library/ssl.rst b/Doc/library/ssl.rst
index c954d9c..b9e5435 100644
--- a/Doc/library/ssl.rst
+++ b/Doc/library/ssl.rst

@@ -650,6 +650,17 @@
 
    .. versionadded:: 3.4.4
 
+.. data:: VERIFY_X509_PARTIAL_CHAIN
+
+   Possible value for :attr:`SSLContext.verify_flags`. It instructs OpenSSL to
+   accept intermediate CAs in the trust store to be treated as trust-anchors,
+   in the same way as the self-signed root CA certificates. This makes it
+   possible to trust certificates issued by an intermediate CA without having
+   to trust its ancestor root CA.
+
+   .. versionadded:: 3.10
+
+
 .. class:: VerifyFlags
 
    :class:`enum.IntFlag` collection of VERIFY_* constants.
commit	64d975202f7a91cb8c61a050fafb4e934fcbaa4e	[log] [tgz]
author	l0x <37248016+l0x-c0d3z@users.noreply.github.com>	Mon Apr 19 13:51:18 2021 +0200
committer	GitHub <noreply@github.com>	Mon Apr 19 04:51:18 2021 -0700
tree	82da5e11cebb3462224f2afbfd8c9e40b8823961
parent	d37b74f341c5a215e2fdd5eb4f8c0182f327635c [diff]