commit a5db479ac4cdcc0d94ec1d7a594720a651d90433
author Miss Islington (bot) <31488909+miss-islington@users.noreply.github.com> Mon Jun 11 16:20:24 2018 -0700
committer Ned Deily <nad@python.org> Mon Jun 11 19:20:24 2018 -0400
tree 4af8b660b61ba0de58f5fbdda00f16b96aa498d2
parent 6530577e29a9679c7e4c7ba7adf1c02393d2ad13

bpo-31432: Clarify ssl CERT_NONE/OPTIONAL/REQUIRED docs. (GH-3530) (GH-7649)

The documentation for CERT_NONE, CERT_OPTIONAL, and CERT_REQUIRED were
misleading and partly wrong. It fails to explain that OpenSSL behaves
differently in client and server mode. Also OpenSSL does validate the
cert chain everytime. With SSL_VERIFY_NONE a validation error is not
fatal in client mode and does not request a client cert in server mode.
Also discourage people from using CERT_OPTIONAL in client mode.
(cherry picked from commit ef24b6c54d40e7820456873a6eab6ef57d2bd0db)

Co-authored-by: Christian Heimes <christian@python.org>

Modules/_ssl.c

diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index bf379f0..991b38a 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -2067,7 +2067,7 @@
         SSL_set_SSL_CTX(self->ssl, self->ctx->ctx);
 #endif
     } else {
-        PyErr_SetString(PyExc_TypeError, "The value must be a SSLContext");
+        PyErr_SetString(PyExc_TypeError, "The value must be an SSLContext.");
         return -1;
     }
 
@@ -2726,7 +2726,7 @@
     int result;
 
     if (!PySSLSession_Check(value)) {
-        PyErr_SetString(PyExc_TypeError, "Value is not a SSLSession.");
+        PyErr_SetString(PyExc_TypeError, "Value is not an SSLSession.");
         return -1;
     }
     pysess = (PySSLSession *)value;