gh-107361: strengthen default SSL context flags (#112389)

This adds `VERIFY_X509_STRICT` to make the default SSL context perform stricter (per RFC 5280) validation, as well as `VERIFY_X509_PARTIAL_CHAIN` to enforce more standards-compliant path-building behavior. As part of this changeset, I had to tweak `make_ssl_certs.py` slightly to emit 5280-conforming CA certs. This changeset includes the regenerated certificates after that change. Signed-off-by: William Woodruff <william@yossarian.net> Co-authored-by: Victor Stinner <vstinner@python.org>
2025-07-07 19:35:27 +00:00 · 2024-03-06 16:44:58 -05:00 · 2024-03-06 16:44:58 -05:00 · 0876b921b2
commit 0876b921b2
parent ea1803e608
26 changed files with 1184 additions and 1067 deletions
--- a/Lib/ssl.py
+++ b/Lib/ssl.py
@ -704,6 +704,16 @@ def create_default_context(purpose=Purpose.SERVER_AUTH, *, cafile=None,
    else:
        raise ValueError(purpose)

+    # `VERIFY_X509_PARTIAL_CHAIN` makes OpenSSL's chain building behave more
+    # like RFC 3280 and 5280, which specify that chain building stops with the
+    # first trust anchor, even if that anchor is not self-signed.
+    #
+    # `VERIFY_X509_STRICT` makes OpenSSL more conservative about the
+    # certificates it accepts, including "disabling workarounds for
+    # some broken certificates."
+    context.verify_flags |= (_ssl.VERIFY_X509_PARTIAL_CHAIN |
+                             _ssl.VERIFY_X509_STRICT)
+
    if cafile or capath or cadata:
        context.load_verify_locations(cafile, capath, cadata)
    elif context.verify_mode != CERT_NONE: