Zack Weinberg <> added the comment:

I have yet another use case for the function implemented by this patch (i.e. 
retrieving the cert chain actually sent by the server, regardless of whether 
that gives a path to a trust anchor).  I'm implementing a network forensics 
tool, and one of the situations it's supposed to detect is when a 
man-in-the-middle is attempting to substitute its own cert for a site's 
"legitimate" cert (yes, possibly having suborned a public CA in order to do 
so).  To make all of the planned heuristics for this work correctly, I need to 
record exactly what came over the wire.

If it would be useful for me to dust off the patch and/or implement the _other_ 
function that people requested (retrieve the chain that OpenSSL concluded was a 
valid chain to an accepted trust anchor), I can probably scare up time to do so 
in the next week or two.  I imagine it's too late for 3.8 patch releases at 
this point, but assuming I did this, could it make 3.9?

nosy: +zwol

Python tracker <>
Python-bugs-list mailing list
