Please sign in to comment.
Revert to cert handling from 0404c15.
Turns out ca_file is the only way to make validation work. Creating a new X509 cert object out of the CA file only grabs one of the certificates, not the entire chain. Without the rest of the intermediate certs in the chain, verification fails on any machine that doesn't already have those certs.
- Loading branch information...