[New-bugs-announce] [issue22365] SSLContext.load_verify_locations(cadata) does not accept CRLs
report at bugs.python.org
Mon Sep 8 16:54:46 CEST 2014
New submission from Ralph Broenink:
Issue #18138 added support for the cadata argument in SSLContext.load_verify_locations. However, this argument does not support certificate revocation lists (CRLs) to be added (at least not in PEM format):
ssl.SSLError: [PEM: NO_START_LINE] no start line (_ssl.c:2633)
The documentation of this method is rather vague on this subject and does not state explicitly this is not allowed:
This method can also load certification revocation lists (CRLs) in PEM or DER format. In order to make use of CRLs, SSLContext.verify_flags must be configured properly.
I think CRLs should be allowed to be loaded using the cadata argument. However, the documentation could use some polishing too: "At least one of cafile or capath must be specified." is outdated since the introduction of cadata.
components: Extension Modules
title: SSLContext.load_verify_locations(cadata) does not accept CRLs
versions: Python 3.4
Python tracker <report at bugs.python.org>
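
A workaround for the behaviour reported above, as an added example that is not part of the original report or of CPython: it splits a mixed PEM bundle, passes the certificates through cadata, and writes the CRL blocks to a temporary file loaded through cafile, then sets verify_flags as the quoted documentation requires. The names split_pem_bundle, load_trust_material and SAMPLE_BUNDLE are hypothetical, and the base64 bodies in the sample are constructed placeholders, not real objects.

```python
import os
import re
import ssl
import tempfile

# Matches one PEM block and captures its label ("CERTIFICATE", "X509 CRL", ...).
_PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z0-9 ]+)-----\r?\n.*?-----END (?P=label)-----",
    re.DOTALL,
)


def split_pem_bundle(bundle):
    """Return (certs, crls): the PEM blocks of each kind found in a mixed bundle."""
    certs, crls = [], []
    for match in _PEM_BLOCK.finditer(bundle):
        if match.group("label") == "CERTIFICATE":
            certs.append(match.group(0))
        elif match.group("label") == "X509 CRL":
            crls.append(match.group(0))
    return certs, crls


def load_trust_material(ctx, bundle):
    """Load CA certificates via cadata and CRLs via a temporary cafile."""
    certs, crls = split_pem_bundle(bundle)
    if certs:
        ctx.load_verify_locations(cadata="\n".join(certs) + "\n")
    if crls:
        # mkstemp creates the file readable by the current user only.
        fd, path = tempfile.mkstemp(suffix=".pem")
        try:
            with os.fdopen(fd, "w") as handle:
                handle.write("\n".join(crls) + "\n")
            ctx.load_verify_locations(cafile=path)
        finally:
            os.unlink(path)
        # Loaded CRLs are only consulted once a CRL flag is set in verify_flags.
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return len(certs), len(crls)


# Constructed sample: the labels are real, the bodies are placeholders.
SAMPLE_BUNDLE = (
    "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
    "-----BEGIN X509 CRL-----\nUExBQ0VIT0xERVI=\n-----END X509 CRL-----\n"
)
```

With VERIFY_CRL_CHECK_LEAF set, verification fails for any peer certificate whose issuer has no CRL loaded, so the bundle has to include a CRL for every issuing CA in use.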