[New-bugs-announce] [issue28747] Expose SSL_CTX_set_cert_verify_callback
Steve Dower
report at bugs.python.org
Sat Nov 19 16:36:12 EST 2016
New submission from Steve Dower:
As a prerequisite for fixing issues such as issue20916 (dynamic download/update of CAs and CRLs), we really need to be able to plug into the certificate verification function for OpenSSL.
This patch adds SSLContext._set_cert_verify_callback, which will allow Python code to inject its own verification function.
No other functionality is added, but I have proof-of-concept code that uses this patch to delegate all certificate handling to Windows and it works beautifully (better than I expected :) ).
If possible, I'd like to get this into Python 3.6. I intend to turn that proof-of-concept into an actual released library and would like to be able to do it sooner rather than later. Targeting 3.6 is the main reason I named the function with an underscore, but I'd be happy to drop it.
----------
assignee: christian.heimes
components: SSL
messages: 281230
nosy: christian.heimes, ned.deily, steve.dower
priority: normal
severity: normal
stage: patch review
status: open
title: Expose SSL_CTX_set_cert_verify_callback
type: security
versions: Python 3.6, Python 3.7
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue28747>
_______________________________________
More information about the New-bugs-announce
mailing list