[New-bugs-announce] [issue18617] TLS and Intermediate Certificates

Donald Stufft report at bugs.python.org
Thu Aug 1 18:58:37 CEST 2013

New submission from Donald Stufft:

Currently the Python SSL module requires the full chain, including all intermediaries, to be served in order to validate a TLS connection. This isn't *wrong* however a number of folks have had issues trying to setup a custom PyPI index in pip due to missing them. The believed the problem with validation to be in pip/Python because it works in their browser.

Essentially browsers have the ability to download missing intermediate certs using an url found inside the AIA data. This is slow and isn't generally recommended that you rely on it for any particular site. However it does mean that TLS connections work in more situations.

At the least this should probably be documented, and possibly the Python library be enhanced to be more browser like in this regard.

components: Library (Lib)
messages: 194088
nosy: dstufft
priority: normal
severity: normal
status: open
title: TLS and Intermediate Certificates
type: enhancement

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list