[New-bugs-announce] [issue26471] load_verify_locations(cadata) should load AUX ASN.1 to supported trusted certs

Christian Heimes report at bugs.python.org
Wed Mar 2 07:24:40 EST 2016


New submission from Christian Heimes:

https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_verify_locations can load certs from a file, a directory or from memory. OpenSSL's loaders for cafile and capath load auxiliary data of trusted certs. The custom loader for cadata ignores AUX data because it uses PEM_read_bio_X509() instead of PEM_read_bio_X509_AUX().

With the recent fix of OpenSSL 1.0.2 https://github.com/openssl/openssl/commit/a3baa171053547488475709c7197592c66e427cf trusted certificates now work again. I propose to change cadata to load trust settings, too.

----------
assignee: christian.heimes
components: Extension Modules
messages: 261109
nosy: alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou
priority: normal
severity: normal
stage: needs patch
status: open
title: load_verify_locations(cadata) should load AUX ASN.1 to supported trusted certs
type: security
versions: Python 2.7, Python 3.5, Python 3.6

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue26471>
_______________________________________
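
An added example (not part of the original report and not CPython or OpenSSL code): a Python 3 check that finds PEM blocks carrying auxiliary trust data, which is the data the report says the cadata loader ignores. It assumes OpenSSL's layout for a `TRUSTED CERTIFICATE` block (the certificate DER followed by the X509_CERT_AUX DER); the function names and sample bytes are constructed for illustration.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
CERT_LABELS = ("CERTIFICATE", "TRUSTED CERTIFICATE")

def der_tlv_length(buf):
    """Total size (header + content) of the DER element starting at buf[0]."""
    if len(buf) < 2:
        raise ValueError("truncated DER header")
    first = buf[1]
    if first < 0x80:                    # short form: length is in this octet
        return 2 + first
    n = first & 0x7F                    # long form: n length octets follow
    if n == 0 or n > 4 or len(buf) < 2 + n:
        raise ValueError("unsupported or truncated DER length")
    return 2 + n + int.from_bytes(buf[2:2 + n], "big")

def find_aux_entries(pem_text):
    """Return (label, cert_len, aux_len) for each certificate block."""
    entries = []
    for match in PEM_BLOCK.finditer(pem_text):
        label, body = match.group(1), match.group(2)
        if label not in CERT_LABELS:
            continue
        der = base64.b64decode("".join(body.split()))
        if not der or der[0] != 0x30:
            raise ValueError("block does not start with a DER SEQUENCE")
        cert_len = der_tlv_length(der)
        if cert_len > len(der):
            raise ValueError("certificate is truncated")
        # Anything after the certificate SEQUENCE is the AUX structure.
        entries.append((label, cert_len, len(der) - cert_len))
    return entries

def _pem(label, der):
    b64 = base64.b64encode(der).decode("ascii")
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, b64, label)

# Constructed sample: a placeholder SEQUENCE stands in for the certificate
# (it is not a real one); AUX lists serverAuth (1.3.6.1.5.5.7.3.1) as trusted.
FAKE_CERT = bytes.fromhex("3003020101")
AUX_SERVER_AUTH = bytes.fromhex("300c300a06082b06010505070301")
SAMPLE = (_pem("CERTIFICATE", FAKE_CERT)
          + _pem("TRUSTED CERTIFICATE", FAKE_CERT + AUX_SERVER_AUTH))
```

An entry with a non-zero `aux_len` carries trust settings; per the report, the cafile and capath loaders read that data while the cadata loader does not.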

