mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-09-28 19:25:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

whatsnew: SSLContext.verify_flags and constants. (#8813)

Browse source
This commit is contained in:
R David Murray 2014-03-09 17:01:34 -04:00
parent e5127299c8
commit 6978722828
1 changed files with 8 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

8
Doc/whatsnew/3.4.rst
View file

@ -1305,6 +1305,14 @@ The dictionary returned by :meth:`.SSLSocket.getpeercert` contains additional
``X509v3`` extension items: ``crlDistributionPoints``, ``calIssuers``, and ``X509v3`` extension items: ``crlDistributionPoints``, ``calIssuers``, and
``OCSP`` URIs. (Contributed by Christian Heimes in :issue:`18379`.) ``OCSP`` URIs. (Contributed by Christian Heimes in :issue:`18379`.)
If OpenSSL 0.9.8 or later is available, :class:`~ssl.SSLContext` has an new
attribute :attr:`~ssl.SSLContext.verify_flags` that can be used to control the
certificate verification process by setting it to some combination of the new
constants :data:`~ssl.VERIFY_DEFAULT`, :data:`~ssl.VERIFY_CRL_CHECK_LEAF`,
:data:`~ssl.VERIFY_CRL_CHECK_CHAIN`, or :data:`~ssl.VERIFY_X509_STRICT`.
OpenSSL does not do any CRL verification by default. (Contributed by
Christien Heimes in :issue:`8813`.)
stat stat
---- ----