New submission from Steve Dower:

As a prerequisite for fixing issues such as issue20916 (dynamic download/update of CAs and CRLs), we really need to be able to plug into the certificate verification function for OpenSSL.

This patch adds SSLContext._set_cert_verify_callback, which will allow Python code to inject its own verification function. No other functionality is added, but I have proof-of-concept code that uses this patch to delegate all certificate handling to Windows and it works beautifully (better than I expected :) ).

If possible, I'd like to get this into Python 3.6. I intend to turn that proof-of-concept into an actual released library and would like to be able to do it sooner rather than later. Targeting 3.6 is the main reason I named the function with an underscore, but I'd be happy to drop it.

----------
assignee: christian.heimes
components: SSL
messages: 281230
nosy: christian.heimes, ned.deily, steve.dower
priority: normal
severity: normal
stage: patch review
status: open
title: Expose SSL_CTX_set_cert_verify_callback
type: security
versions: Python 3.6, Python 3.7

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue28747>
_______________________________________