Christian Heimes added the comment: > Interesting. Is it because of the way you implemented get_ca_certs()?
Yes, it's the line http://hg.python.org/cpython/file/b78de8029606/Modules/_ssl.c#l3103 that skips all certs that are not recognized as CA certs. I wasn't aware that OpenSSL supports self-signed certs that way. > Can you explain? What does "check_ca" mean? The return value of X509_check_ca(). http://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=crypto/x509v3/v3_purp.c;h=6c40c7dfc318e4b46fc20d38581ad3656e344b5e;hb=HEAD#l517 ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue20000> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com