bpo-31432: Clarify ssl CERT_NONE/OPTIONAL/REQUIRED docs. (GH-3530) (GH-7649) The documentation for CERT_NONE, CERT_OPTIONAL, and CERT_REQUIRED were misleading and partly wrong. It fails to explain that OpenSSL behaves differently in client and server mode. Also OpenSSL does validate the cert chain everytime. With SSL_VERIFY_NONE a validation error is not fatal in client mode and does not request a client cert in server mode. Also discourage people from using CERT_OPTIONAL in client mode. (cherry picked from commit ef24b6c54d40e7820456873a6eab6ef57d2bd0db) Co-authored-by: Christian Heimes <christian@python.org>

commit: a5db479ac4cdcc0d94ec1d7a594720a651d90433 [log] [tgz]
author: Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Mon Jun 11 16:20:24 2018 -0700
committer: Ned Deily <nad@python.org> Mon Jun 11 19:20:24 2018 -0400
tree: 4af8b660b61ba0de58f5fbdda00f16b96aa498d2
parent: 6530577e29a9679c7e4c7ba7adf1c02393d2ad13 [diff] [blame]
diff --git a/Lib/test/test_ssl.py b/Lib/test/test_ssl.py
index 7bbaa9f..b704b78 100644
--- a/Lib/test/test_ssl.py
+++ b/Lib/test/test_ssl.py

@@ -4101,7 +4101,9 @@
                 self.assertTrue(session)
                 with self.assertRaises(TypeError) as e:
                     s.session = object
-                self.assertEqual(str(e.exception), 'Value is not a SSLSession.')
+                self.assertEqual(
+                    str(e.exception), 'Value is not an SSLSession.'
+                )
 
             with client_context.wrap_socket(socket.socket(),
                                             server_hostname=hostname) as s:
commit	a5db479ac4cdcc0d94ec1d7a594720a651d90433	[log] [tgz]
author	Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com>	Mon Jun 11 16:20:24 2018 -0700
committer	Ned Deily <nad@python.org>	Mon Jun 11 19:20:24 2018 -0400
tree	4af8b660b61ba0de58f5fbdda00f16b96aa498d2
parent	6530577e29a9679c7e4c7ba7adf1c02393d2ad13 [diff] [blame]