-
-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSLSocket.getpeercert(): OCSP and CRL DP URIs #62579
Comments
The patch implements OCSP and CRL distribution point access for getpeercert(). I'll add tests and doc updates later. Output for https://info.pca.dfn.de/ {'OCSP': ('http://ocsp.pca.dfn.de/OCSP-Server/OCSP',), |
Updated patch with test, doc updates and a third field. I have added CDP and two AIA URIs: crlDistributionPoints, caIssuers and OCSP |
Do you have to put those certs in capath? Things would probably be simpler if you didn't have to trigger capath loading using an actual SSL connection. |
It's just one certificate. The hash format of OpenSSL has changed over the years so we have to duplicate all certificates. But I don't need the extra stuff. I figured out that the Nokia test certificate has all new fields. My initial patch has a versionchanged doc update. Did you have too much French wine again? *scnr* :) |
Indeed, it's just the decision to use capath that I'm arguing with.
Not *too much*, no ;-) |
Are you satisfied with my patch? I'd like to commit it before beta 1 |
New changeset 468d18bffdea by Christian Heimes in branch 'default': |
memo to me: update whatsnew |
New changeset 40bfddda43d4 by Christian Heimes in branch 'default': |
New changeset 7885876b6503 by R David Murray in branch 'default': |
Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.
Show more details
GitHub fields:
bugs.python.org fields:
The text was updated successfully, but these errors were encountered: