[issue25115] SSL_set_verify_depth not exposed by the ssl module
Grant Bremer added the comment:

The use case is for an internal PKI implementation where verification should be, needs to be limited to certificates signed by the PKI CA and no higher to, say, a larger realm which would not be appropriate.

--
Python tracker <rep...@bugs.python.org>
<https://bugs.python.org/issue25115>

Python-bugs-list mailing list
Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue25115] SSL_set_verify_depth not exposed by the ssl module
Changes by Grant Bremer <gbre...@gmail.com>:

--
hgrepos: -316

[issue25115] SSL_set_verify_depth not exposed by the ssl module
Grant Bremer added the comment:

Attached is a patch for the 3.5 branch. The test is minimal -- we are relying on the underlying OpenSSL library and its context to manage the data. I have removed the data validation from the set function -- OpenSSL seems happy to accept negative numbers for depth, even if that is a nonsensical value.

I have started on the documentation, and can do a more comprehensive job if the code section is good or mostly good. I'll do the same for the 2.7 patch.

--
Added file: http://bugs.python.org/file40483/verify_depth-3.5.patch

[issue25115] SSL_set_verify_depth not exposed by the ssl module
Grant Bremer added the comment:

I had thought that I had found documentation that the max depth is 100 and anything higher is ignored -- and as I read that back to me, I believe I read an example passage and interpreted it incorrectly. I'll remove that.

We primarily use Python 2.7, so I started there. I'll submit another patch with changes on the 3.5 branch and add tests.

--
versions: +Python 2.7

[issue25115] SSL_set_verify_depth not exposed by the ssl module
New submission from Grant Bremer:

The SSL_set_verify_depth OpenSSL method is not currently exposed by the ssl module. The context object would seem to be the proper place for it as an instance method.

--
components: Library (Lib)
messages: 250718
nosy: Grant Bremer
priority: normal
severity: normal
status: open
title: SSL_set_verify_depth not exposed by the ssl module
type: enhancement
versions: Python 2.7, Python 3.5

[issue25115] SSL_set_verify_depth not exposed by the ssl module
Changes by Grant Bremer <gbre...@gmail.com>:

--
hgrepos: +316
keywords: +patch
Added file: http://bugs.python.org/file40471/verify_depth.patch