New submission from Ralph Broenink:
Issue #18138 added support for the cadata argument in
SSLContext.load_verify_locations. However, this argument does not support
certificate revocation lists (CRLs) to be added (at least not in PEM format):
    ssl.SSLError: [PEM: NO_START_LINE] no start line (_ssl.c:2633)
The documentation of this method is rather vague on this subject and does not
state explicitly this is not allowed:
    This method can also load certification revocation lists (CRLs) in PEM or
    DER format. In order to make use of CRLs, SSLContext.verify_flags must be
    configured properly.
I think CRLs should be allowed to be loaded using the cadata argument. However,
the documentation could use some polishing too: "At least one of cafile or
capath must be specified." is outdated since the introduction of cadata.
----------
components: Extension Modules
messages: 226582
nosy: Ralph.Broenink
priority: normal
severity: normal
status: open
title: SSLContext.load_verify_locations(cadata) does not accept CRLs
versions: Python 3.4
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue22365>
_______________________________________