You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In Python 3.10 there were private APIs SSLObject.get_verified_chain() and _ssl.Certificate.public_bytes(_ssl.ENCODING_DER) methods added. In theory this means we can support pinning any certificate within the chain instead of only the peercert. This is great news as pinning only the peercert wasn't as useful as it doesn't allow for certificate rotation or for multiple leaf certificates to be verified by a single fingerprint.
In Python 3.10 there were private APIs
SSLObject.get_verified_chain()
and_ssl.Certificate.public_bytes(_ssl.ENCODING_DER)
methods added. In theory this means we can support pinning any certificate within the chain instead of only the peercert. This is great news as pinning only the peercert wasn't as useful as it doesn't allow for certificate rotation or for multiple leaf certificates to be verified by a single fingerprint.Ref: python/cpython#25467
cc @tiran
The text was updated successfully, but these errors were encountered: