New submission from Christian Heimes:

https://docs.python.org/2/library/ssl.html#ssl.SSLContext.load_verify_locations can load certs from a file, a directory or from memory. OpenSSL's loaders for cafile and capath load auxiliary data of trusted certs. The custom loader for cadata ignores AUX data because it uses PEM_read_bio_X509() instead of PEM_read_bio_X509_AUX().

With the recent fix of OpenSSL 1.0.2 https://github.com/openssl/openssl/commit/a3baa171053547488475709c7197592c66e427cf trusted certificates now work again. I propose to change cadata to load trust settings, too.

----------
assignee: christian.heimes
components: Extension Modules
messages: 261109
nosy: alex, christian.heimes, dstufft, giampaolo.rodola, janssen, pitrou
priority: normal
severity: normal
stage: needs patch
status: open
title: load_verify_locations(cadata) should load AUX ASN.1 to supported trusted certs
type: security
versions: Python 2.7, Python 3.5, Python 3.6

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue26471>
_______________________________________
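
An added example, not part of the original message or of CPython: a standard-library audit that reports which PEM blocks in a bundle intended for cadata carry trailing AUX data (OpenSSL's X509_CERT_AUX, appended after the certificate DER in "TRUSTED CERTIFICATE" blocks), that is, trust settings the cadata loader described above would not apply. The function names and the sample bundle are assumptions made for illustration; the sample bytes are constructed stand-ins, not real certificates.

```python
import base64
import re

PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def tlv_len(der, off=0):
    """Total length (header + content) of the DER TLV starting at der[off]."""
    first = der[off + 1]
    if first < 0x80:                      # short form: length in one octet
        return 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0 or off + 2 + n > len(der):
        raise ValueError("indefinite or truncated DER length")
    return 2 + n + int.from_bytes(der[off + 2:off + 2 + n], "big")

def split_aux(der):
    """Split one decoded PEM block into (certificate DER, trailing AUX DER)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("block does not start with a DER SEQUENCE")
    end = tlv_len(der)
    if end > len(der):
        raise ValueError("truncated certificate")
    return der[:end], der[end:]

def audit_cadata(pem_text):
    """Return (index, PEM label, AUX byte count) for every block in a bundle."""
    report = []
    for i, m in enumerate(PEM_RE.finditer(pem_text)):
        _cert, aux = split_aux(base64.b64decode(m.group(2)))
        report.append((i, m.group(1), len(aux)))
    return report

# Constructed sample input: a zero-filled SEQUENCE stands in for a certificate.
FAKE_CERT = b"\x30\x82\x01\x2c" + b"\x00" * 300      # long-form length 300
SERVER_AUTH = bytes.fromhex("06082b06010505070301")  # OID 1.3.6.1.5.5.7.3.1
FAKE_AUX = b"\x30\x0c\x30\x0a" + SERVER_AUTH         # AUX { trust { serverAuth } }

def make_pem(label, der):
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{body}-----END {label}-----\n"

SAMPLE = (make_pem("CERTIFICATE", FAKE_CERT)
          + make_pem("TRUSTED CERTIFICATE", FAKE_CERT + FAKE_AUX))

if __name__ == "__main__":
    for index, label, aux_bytes in audit_cadata(SAMPLE):
        print(index, label, "AUX bytes:", aux_bytes)
```

A non-zero AUX byte count marks a block whose trust or reject settings are only honoured when the bundle is loaded through cafile or capath.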