Christian Heimes added the comment: IMHO SSL CTX set cert verify callback() is the wrong approach. Your are completely bypassing cert validation checks of OpenSSL. The callback has to build the chain and perform all checks on its own. By all checks I literally mean *all*, https://wiki.openssl.org/index.php/Manual:SSL_CTX_set_cert_verify_callback(3)#WARNINGS
Basically you want to replace OpenSSL's X509 verification with Windows' cert validation and just leave the handshake and encryption to OpenSSL? ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue28747> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
