Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expose X509_V_FLAG_PARTIAL_CHAIN ssl flag #85026

Closed
l0x-c0d3z mannequin opened this issue Jun 2, 2020 · 3 comments
Closed

Expose X509_V_FLAG_PARTIAL_CHAIN ssl flag #85026

l0x-c0d3z mannequin opened this issue Jun 2, 2020 · 3 comments
Assignees
Labels
3.10 expert-SSL type-feature

Comments

@l0x-c0d3z
Copy link
Mannequin

@l0x-c0d3z l0x-c0d3z mannequin commented Jun 2, 2020

BPO 40849
Nosy @tiran, @miss-islington, @l0x-c0d3z
PRs
  • #20463
  • Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = 'https://github.com/tiran'
    closed_at = <Date 2021-04-19.12:00:33.162>
    created_at = <Date 2020-06-02.19:20:28.918>
    labels = ['expert-SSL', 'type-feature', '3.10']
    title = 'Expose X509_V_FLAG_PARTIAL_CHAIN ssl flag'
    updated_at = <Date 2021-04-19.12:00:33.162>
    user = 'https://github.com/l0x-c0d3z'

    bugs.python.org fields:

    activity = <Date 2021-04-19.12:00:33.162>
    actor = 'christian.heimes'
    assignee = 'christian.heimes'
    closed = True
    closed_date = <Date 2021-04-19.12:00:33.162>
    closer = 'christian.heimes'
    components = ['SSL']
    creation = <Date 2020-06-02.19:20:28.918>
    creator = 'l0x'
    dependencies = []
    files = []
    hgrepos = []
    issue_num = 40849
    keywords = []
    message_count = 3.0
    messages = ['370621', '370627', '391374']
    nosy_count = 3.0
    nosy_names = ['christian.heimes', 'miss-islington', 'l0x']
    pr_nums = ['20463']
    priority = 'normal'
    resolution = 'fixed'
    stage = 'resolved'
    status = 'closed'
    superseder = None
    type = 'enhancement'
    url = 'https://bugs.python.org/issue40849'
    versions = ['Python 3.10']

    @l0x-c0d3z
    Copy link
    Mannequin Author

    @l0x-c0d3z l0x-c0d3z mannequin commented Jun 2, 2020

    This simple patch exposes OpenSSL's X509_V_FLAG_PARTIAL_CHAIN if it is defined. This lets us trust a certificate if it is signed by a certificate in the trust store, even if that CA is not a root CA. It makes it possible to trust an intermediate CA without trusting the root and all the other intermediate CAs it has signed.

    @l0x-c0d3z l0x-c0d3z mannequin assigned tiran Jun 2, 2020
    @l0x-c0d3z l0x-c0d3z mannequin added expert-SSL type-feature labels Jun 2, 2020
    @l0x-c0d3z l0x-c0d3z mannequin assigned tiran Jun 2, 2020
    @l0x-c0d3z l0x-c0d3z mannequin added expert-SSL type-feature labels Jun 2, 2020
    @tiran
    Copy link
    Member

    @tiran tiran commented Jun 2, 2020

    Thanks for the patch!

    I'm still pondering if I prefer VERIFY_PARTIAL_CHAIN over VERIFY_X509_PARTIAL_CHAIN. The string X509 is not meaningful here but fits with the other, much older flags.

    @tiran tiran added 3.10 labels Jun 2, 2020
    @miss-islington
    Copy link
    Contributor

    @miss-islington miss-islington commented Apr 19, 2021

    New changeset 64d9752 by l0x in branch 'master':
    bpo-40849: Expose X509_V_FLAG_PARTIAL_CHAIN ssl flag (GH-20463)
    64d9752

    @tiran tiran closed this as completed Apr 19, 2021
    @tiran tiran closed this as completed Apr 19, 2021
    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 10, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Labels
    3.10 expert-SSL type-feature
    Projects
    None yet
    Development

    No branches or pull requests

    2 participants