commit | ef24b6c54d40e7820456873a6eab6ef57d2bd0db | [log] [tgz] |
---|---|---|
author | Christian Heimes <christian@python.org> | Tue Jun 12 00:59:45 2018 +0200 |
committer | Ned Deily <nad@python.org> | Mon Jun 11 18:59:45 2018 -0400 |
tree | 453f2603e01d16c2be2e5b280e0fc70c6061bbb5 | |
parent | 4b704f29f5a0b6f6d7bd67468ed004bd3a96855d [diff] |
bpo-31432: Clarify ssl CERT_NONE/OPTIONAL/REQUIRED docs. (GH-3530) The documentation for CERT_NONE, CERT_OPTIONAL, and CERT_REQUIRED were misleading and partly wrong. It fails to explain that OpenSSL behaves differently in client and server mode. Also OpenSSL does validate the cert chain everytime. With SSL_VERIFY_NONE a validation error is not fatal in client mode and does not request a client cert in server mode. Also discourage people from using CERT_OPTIONAL in client mode.