[issue25115] SSL_set_verify_depth not exposed by the ssl module

2017-09-10 Thread Grant Bremer

Grant Bremer added the comment:

The use case is for an internal PKI implementation where verification should 
be, needs to be limited to certificates signed by the PKI CA and no higher to, 
say, a larger realm which would not be appropriate.

--

___
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue25115>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue25115] SSL_set_verify_depth not exposed by the ssl module

2015-09-16 Thread Grant Bremer

Changes by Grant Bremer <gbre...@gmail.com>:


--
hgrepos:  -316

___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue25115>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue25115] SSL_set_verify_depth not exposed by the ssl module

2015-09-16 Thread Grant Bremer

Grant Bremer added the comment:

Attached is a patch for the 3.5 branch. The test is minimal -- we are relying 
on the underlying OpenSSL library and its context to manage the data. I have 
removed the data validation from the set function -- OpenSSL seems happy to 
accept negative numbers for depth, even if that is a non-sensical value. I have 
started on the documentation, and can do a more comprehensive job if the code 
section is good or mostly good. I'll do the same for the 2.7 patch.

--
Added file: http://bugs.python.org/file40483/verify_depth-3.5.patch

___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue25115>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue25115] SSL_set_verify_depth not exposed by the ssl module

2015-09-15 Thread Grant Bremer

Grant Bremer added the comment:

I had thought that I had found documentation that the max depth is 100 and 
anything higher is ignored -- and as I read that back to me, I believe I read 
an example passage and interpreted it incorrectly. I'll remove that.

We primarily use Python 2.7, so I started there. I'll submit another patch with 
changes on the 3.5 branch and add tests.

--
versions: +Python 2.7

___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue25115>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue25115] SSL_set_verify_depth not exposed by the ssl module

2015-09-14 Thread Grant Bremer

New submission from Grant Bremer:

The SSL_set_verify_depth OpenSSL method is not currently exposed by the ssl 
module. The context object would seem to be the proper place for it as an 
instance method.

--
components: Library (Lib)
messages: 250718
nosy: Grant Bremer
priority: normal
severity: normal
status: open
title: SSL_set_verify_depth not exposed by the ssl module
type: enhancement
versions: Python 2.7, Python 3.5

___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue25115>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue25115] SSL_set_verify_depth not exposed by the ssl module

2015-09-14 Thread Grant Bremer

Changes by Grant Bremer <gbre...@gmail.com>:


--
hgrepos: +316
keywords: +patch
Added file: http://bugs.python.org/file40471/verify_depth.patch

___
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue25115>
___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com