commit | f22c4cf11d10f52faa86e0b308dd28f11819efd8 | [log] [tgz] |
---|---|---|
author | Christian Heimes <christian@python.org> | Mon Jul 01 09:25:48 2019 +0200 |
committer | GitHub <noreply@github.com> | Mon Jul 01 09:25:48 2019 +0200 |
tree | a221e4d3841ffe1ddd8bae9324d7a07237fa3d88 | |
parent | ee72dda9616258b57c19eb5af00f3e80a3fb8e22 [diff] |
[3.8] bpo-37428: Don't set PHA verify flag on client side (GH-14494) SSLContext.post_handshake_auth = True no longer sets SSL_VERIFY_POST_HANDSHAKE verify flag for client connections. Although the option is documented as ignored for clients, OpenSSL implicitly enables cert chain validation when the flag is set. Signed-off-by: Christian Heimes <christian@python.org> https://bugs.python.org/issue37428 (cherry picked from commit f0f5930ac88482ef896283db5be9b8d508d077db)