Grant Bremer added the comment:
The use case is for an internal PKI implementation where verification should
be, needs to be limited to certificates signed by the PKI CA and no higher to,
say, a larger realm which would not be appropriate
Changes by Grant Bremer <gbre...@gmail.com>:
--
hgrepos: -316
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue25115>
___
__
Grant Bremer added the comment:
Attached is a patch for the 3.5 branch. The test is minimal -- we are relying
on the underlying OpenSSL library and its context to manage the data. I have
removed the data validation from the set function -- OpenSSL seems happy to
accept negative numbers
Grant Bremer added the comment:
I had thought that I had found documentation that the max depth is 100 and
anything higher is ignored -- and as I read that back to me, I believe I read
an example passage and interpreted it incorrectly. I'll remove that.
We primarily use Python 2.7, so I
New submission from Grant Bremer:
The SSL_set_verify_depth OpenSSL method is not currently exposed by the ssl
module. The context object would seem to be the proper place for it as an
instance method.
--
components: Library (Lib)
messages: 250718
nosy: Grant Bremer
priority: normal
Changes by Grant Bremer <gbre...@gmail.com>:
--
hgrepos: +316
keywords: +patch
Added file: http://bugs.python.org/file40471/verify_depth.patch
___
Python tracker <rep...@bugs.python.org>
<http://bugs.python