[New-bugs-announce] [issue18617] TLS and Intermediate Certificates
report at bugs.python.org
Thu Aug 1 18:58:37 CEST 2013
New submission from Donald Stufft:
Currently the Python SSL module requires the full chain, including all intermediaries, to be served in order to validate a TLS connection. This isn't *wrong* however a number of folks have had issues trying to setup a custom PyPI index in pip due to missing them. The believed the problem with validation to be in pip/Python because it works in their browser.
Essentially browsers have the ability to download missing intermediate certs using an url found inside the AIA data. This is slow and isn't generally recommended that you rely on it for any particular site. However it does mean that TLS connections work in more situations.
At the least this should probably be documented, and possibly the Python library be enhanced to be more browser like in this regard.
components: Library (Lib)
title: TLS and Intermediate Certificates
Python tracker <report at bugs.python.org>
More information about the New-bugs-announce