> On 31 Jan 2017, at 09:33, Christian Heimes <christ...@python.org> wrote:
> 
> One small correction, it is possible to export some of the trust
> settings to a TRUSTED CERTIFICATE and import them into OpenSSL. It works
> correctly in 1.0.1 and since 1.0.2e or f. Trust settings are stored in the
> X509_AUX extension after the actual certificate and signature. OpenSSL's
> default loaders for cert dir and cert file do load auxiliary trust
> information.

Ah, good spot.

I suspect the code you’d need to write to safely extract that functionality is 
pretty subtle. I definitely don’t trust myself to get it right.

Cory
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe: 
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
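
The layout described in the quoted message, as an added example that is not part of the original thread and is not OpenSSL's code. It assumes OpenSSL's X509_CERT_AUX structure (a DER SEQUENCE appended after the certificate, whose optional leading members are a trust list and a `[0]`-tagged reject list of OIDs); the function names are hypothetical and the sample uses a constructed 5-byte stand-in instead of a real certificate.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN TRUSTED CERTIFICATE-----(.+?)-----END", re.S)

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def decode_oid(body):
    """Dotted-decimal form of DER OBJECT IDENTIFIER content bytes."""
    arcs, val = [], 0
    for b in body:
        val = (val << 7) | (b & 0x7F)
        if b < 0x80:
            arcs.append(val)
            val = 0
    top = min(arcs[0] // 40, 2)
    return ".".join(map(str, [top, arcs[0] - 40 * top] + arcs[1:]))

def split_trusted(pem):
    """Return (cert_der, trust_oids, reject_oids) for one TRUSTED CERTIFICATE."""
    der = base64.b64decode("".join(PEM_RE.search(pem).group(1).split()))
    tag, _, cert_end = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("certificate is not a DER SEQUENCE")
    found = {0x30: [], 0xA0: []}  # trust list, reject list ([0] IMPLICIT)
    if cert_end < len(der):  # anything past the certificate must be the aux block
        tag, pos, end = read_tlv(der, cert_end)
        if tag != 0x30 or end != len(der):
            raise ValueError("unexpected data after certificate")
        while pos < end:
            tag, start, pos = read_tlv(der, pos)
            while tag in found and start < pos:  # alias/keyid/other are skipped
                _, o_start, start = read_tlv(der, start)
                found[tag].append(decode_oid(der[o_start:start]))
    return der[:cert_end], found[0x30], found[0xA0]

# Constructed sample: stand-in "certificate", then aux trusting serverAuth, rejecting emailProtection.
SAMPLE_DER = bytes.fromhex("3003020101" "3018" "300a06082b06010505070301"
                           "a00a06082b06010505070304")
SAMPLE_PEM = ("-----BEGIN TRUSTED CERTIFICATE-----\n%s\n-----END TRUSTED CERTIFICATE-----\n"
              % base64.b64encode(SAMPLE_DER).decode())
```

Code that keeps only the certificate bytes returned here discards the trust and reject lists, so they have to be carried forward explicitly if the settings matter.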
