Sam Vilain added the comment:

Perhaps the simplest thing here is to add a standard verify callback that 
catches verification errors, and returns the parsed server certificate as an 
attribute of the raised exception object.  From Python, the exception can be 
caught and then the certificate data used to fetch the intermediate 
certificate and pass it into SSLContext.load_verify_locations().

This would force an extra client connection, but be less insane than trying to 
fetch and return the certificate from inside the SSL_CTX_set_verify() callback 
IMHO.

Does that sound workable?  Any hints for a would-be drive-by patcher?

----------
nosy: +samv
versions: +Python 3.5

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue18617>
_______________________________________
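
The retry flow proposed in the comment above, as an added example that is not code from the tracker or from CPython. The exception-with-certificate API is only a proposal, so the second connection uses `ssl.get_server_certificate()` instead. The function names and `SAMPLE_EXT` are hypothetical, and the caIssuers URL is assumed to serve a single DER certificate.

```python
import ssl
import urllib.request

CA_ISSUERS_OID = bytes.fromhex("2b06010505073002")  # id-ad-caIssuers, 1.3.6.1.5.5.7.48.2
# Constructed sample: one Authority Information Access extension, not a real certificate.
SAMPLE_EXT = (b"\x30\x35\x06\x08" + bytes.fromhex("2b06010505070101")
              + b"\x04\x29\x30\x27\x30\x25\x06\x08" + CA_ISSUERS_OID
              + b"\x86\x19" + b"http://ca.example/int.crt")

def _tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def ca_issuers_urls(der):
    """Return every caIssuers URI found in a DER certificate or extension."""
    urls = []
    def walk(buf):
        pos, items = 0, []
        while pos < len(buf):
            tag, start, pos = _tlv(buf, pos)
            items.append((tag, buf[start:pos]))
        # AccessDescription ::= SEQUENCE { accessMethod OID, accessLocation [6] URI }
        if len(items) == 2 and items[0] == (0x06, CA_ISSUERS_OID) and items[1][0] == 0x86:
            urls.append(items[1][1].decode("ascii"))
        for tag, value in items:
            if tag & 0x20 or tag == 0x04:  # constructed, or OCTET STRING wrapping an extension
                try:
                    walk(value)
                except (ValueError, IndexError):
                    pass  # opaque octets (e.g. a key identifier), not nested DER
    walk(der)
    return urls

def context_with_fetched_intermediate(host, port=443):
    """Second connection after a verification failure: fetch the missing intermediate."""
    leaf = ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))  # unverified
    ctx = ssl.create_default_context()
    # Fetched certs may only help chain building; with PARTIAL_CHAIN (default in 3.13+) they would be anchors.
    ctx.verify_flags &= ~getattr(ssl, "VERIFY_X509_PARTIAL_CHAIN", 0)
    for url in ca_issuers_urls(leaf):
        if url.lower().startswith("http://"):  # URL comes from an unverified cert: no file:// or ftp://
            with urllib.request.urlopen(url, timeout=10) as resp:
                ctx.load_verify_locations(cadata=resp.read())
    return ctx
```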