Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NOTIFY_POLICY doesn't do anything #1212

Closed
davidben opened this issue Apr 20, 2023 · 0 comments · Fixed by #1213
Closed

NOTIFY_POLICY doesn't do anything #1212

davidben opened this issue Apr 20, 2023 · 0 comments · Fixed by #1213

Comments

@davidben
Copy link
Contributor

This can probably be removed, or at least set to zero. cryptography binds X509_V_FLAG_NOTIFY_POLICY and pyopenssl reexports it. But this doesn't do anything. All X509_V_FLAG_NOTIFY_POLICY does is call the verify callback to be called an extra time with ok=2. (Unclear why one would ever want this feature.)

But pyopenssl doesn't install a verify callback (cryptography doesn't even bind it as of pyca/cryptography#8358), so setting it is always a no-op.
reaperhulk added a commit to reaperhulk/pyopenssl that referenced this issue Apr 21, 2023
@reaperhulk
remove X509StoreFlags.NOTIFY_POLICY
23cbbdf 
fixes pyca#1212
@reaperhulk reaperhulk mentioned this issue Apr 21, 2023
Merged
alex pushed a commit that referenced this issue Apr 21, 2023
@reaperhulk
remove X509StoreFlags.NOTIFY_POLICY (#1213)
d788a4f 
* remove X509StoreFlags.NOTIFY_POLICY

fixes #1212

* also fix twisted

* more CI fixes, sigh
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jul 21, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

remove X509StoreFlags.NOTIFY_POLICY reaperhulk/pyopenssl
1 participant
@davidben