Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / cpython3 / ef24b6c54d40e7820456873a6eab6ef57d2bd0db
commitef24b6c54d40e7820456873a6eab6ef57d2bd0db[log] [tgz]
authorChristian Heimes <christian@python.org>Tue Jun 12 00:59:45 2018 +0200
committerNed Deily <nad@python.org>Mon Jun 11 18:59:45 2018 -0400
tree453f2603e01d16c2be2e5b280e0fc70c6061bbb5
parent4b704f29f5a0b6f6d7bd67468ed004bd3a96855d [diff]
bpo-31432: Clarify ssl CERT_NONE/OPTIONAL/REQUIRED docs. (GH-3530)

The documentation for CERT_NONE, CERT_OPTIONAL, and CERT_REQUIRED were
misleading and partly wrong. It fails to explain that OpenSSL behaves
differently in client and server mode. Also OpenSSL does validate the
cert chain everytime. With SSL_VERIFY_NONE a validation error is not
fatal in client mode and does not request a client cert in server mode.
Also discourage people from using CERT_OPTIONAL in client mode.
4 files changed
tree: 453f2603e01d16c2be2e5b280e0fc70c6061bbb5
  1. .github/
  2. .vsts/
  3. Doc/
  4. Grammar/
  5. Include/
  6. Lib/
  7. m4/
  8. Mac/
  9. Misc/
  10. Modules/
  11. Objects/
  12. Parser/
  13. PC/
  14. PCbuild/
  15. Programs/
  16. Python/
  17. Tools/
  18. .gitattributes
  19. .gitignore
  20. .travis.yml
  21. aclocal.m4
  22. config.guess
  23. config.sub
  24. configure
  25. configure.ac
  26. install-sh
  27. LICENSE
  28. Makefile.pre.in
  29. pyconfig.h.in
  30. README.rst
  31. setup.py