bpo-31432: Clarify ssl CERT_NONE/OPTIONAL/REQUIRED docs. (GH-3530)

The documentation for CERT_NONE, CERT_OPTIONAL, and CERT_REQUIRED was
misleading and partly wrong. It fails to explain that OpenSSL behaves
differently in client and server mode. Also OpenSSL does validate the
cert chain every time. With SSL_VERIFY_NONE a validation error is not
fatal in client mode and does not request a client cert in server mode.
Also discourage people from using CERT_OPTIONAL in client mode.
Christian Heimes 2018-06-12 00:59:45 +02:00 committed by Ned Deily
parent 4b704f29f5
commit ef24b6c54d
4 changed files with 32 additions and 16 deletions


@ -2066,7 +2066,7 @@ static int PySSL_set_context(PySSLSocket *self, PyObject *value,
SSL_set_SSL_CTX(self->ssl, self->ctx->ctx);
#endif
} else {
PyErr_SetString(PyExc_TypeError, "The value must be a SSLContext");
PyErr_SetString(PyExc_TypeError, "The value must be an SSLContext.");
return -1;
}
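Review bot: the reworded PyErr_SetString message in the else branch of PySSL_set_context ("a SSLContext" to "an SSLContext.") is not covered by the commit message, which only describes the CERT_NONE/CERT_OPTIONAL/CERT_REQUIRED documentation. Either mention the error-string grammar fixes in the message or move them to a separate commit. The new string also gains a trailing period, so anything that compares the exact TypeError text would need the same update.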
@ -2725,7 +2725,7 @@ static int PySSL_set_session(PySSLSocket *self, PyObject *value,
int result;
if (!PySSLSession_Check(value)) {
PyErr_SetString(PyExc_TypeError, "Value is not a SSLSession.");
PyErr_SetString(PyExc_TypeError, "Value is not an SSLSession.");
return -1;
}
pysess = (PySSLSession *)value;
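Review bot: in the !PySSLSession_Check(value) branch the corrected text is "Value is not an SSLSession.", while the matching type check in PySSL_set_context now says "The value must be an SSLContext.". Since both strings are being edited in this change, consider giving the two TypeError messages the same phrasing so the setters report a wrong type consistently.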