Grant Bremer added the comment:
The use case is for an internal PKI implementation where verification should
be, needs to be limited to certificates signed by the PKI CA and no higher to,
say, a larger realm which would not be appropriate
Changes by Grant Bremer :
--
hgrepos: -316
___
Python tracker
<http://bugs.python.org/issue25115>
___
___
Python-bugs-list mailing list
Unsubscribe:
Grant Bremer added the comment:
Attached is a patch for the 3.5 branch. The test is minimal -- we are relying
on the underlying OpenSSL library and its context to manage the data. I have
removed the data validation from the set function -- OpenSSL seems happy to
accept negative numbers for
Grant Bremer added the comment:
I had thought that I had found documentation that the max depth is 100 and
anything higher is ignored -- and as I read that back to me, I believe I read
an example passage and interpreted it incorrectly. I'll remove that.
We primarily use Python 2.7,
Changes by Grant Bremer :
--
hgrepos: +316
keywords: +patch
Added file: http://bugs.python.org/file40471/verify_depth.patch
___
Python tracker
<http://bugs.python.org/issue25
New submission from Grant Bremer:
The SSL_set_verify_depth OpenSSL method is not currently exposed by the ssl
module. The context object would seem to be the proper place for it as an
instance method.
--
components: Library (Lib)
messages: 250718
nosy: Grant Bremer
priority: normal
