Benjamin Peterson 2015-03-04 22:11:48 -05:00
commit b64ae7bf2d
2 changed files with 12 additions and 0 deletions


@ -13,6 +13,9 @@ Core and Builtins
Library Library
------- -------
- Issue #23476: In the ssl module, enable OpenSSL's X509_V_FLAG_TRUSTED_FIRST
flag on certificate stores when it is available.
- Issue #23576: Avoid stalling in SSL reads when EOF has been reached in the - Issue #23576: Avoid stalling in SSL reads when EOF has been reached in the
SSL layer but the underlying connection hasn't been closed. SSL layer but the underlying connection hasn't been closed.


@ -2199,6 +2199,15 @@ context_new(PyTypeObject *type, PyObject *args, PyObject *kwds)
sizeof(SID_CTX)); sizeof(SID_CTX));
#undef SID_CTX #undef SID_CTX
#ifdef X509_V_FLAG_TRUSTED_FIRST
{
/* Improve trust chain building when cross-signed intermediate
certificates are present. See https://bugs.python.org/issue23476. */
X509_STORE *store = SSL_CTX_get_cert_store(self->ctx);
X509_STORE_set_flags(store, X509_V_FLAG_TRUSTED_FIRST);
}
#endif
return (PyObject *)self; return (PyObject *)self;
} }
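Review bot: The comment inside the new `#ifdef X509_V_FLAG_TRUSTED_FIRST` block gives the motivation but does not say that the flag changes chain building for every context created here, or that it is applied only when the OpenSSL headers define the macro. I would extend it along the lines of `/* Search the trust store for issuers before the peer-supplied certificates; not set when OpenSSL lacks the flag, so the same chain can verify on one build and fail on another. */`, so anyone debugging a verification difference between builds finds the cause here. The result of `X509_STORE_set_flags` is also discarded; a `(void)` cast or an explicit check would show that this is intentional. context_new begins above the hunk, so whether a later change to the context's verify flags preserves this bit cannot be judged from here.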