mirror of
https://github.com/python/cpython
synced 2024-07-20 17:55:24 +00:00
bpo-39342: Expose X509_V_FLAG_ALLOW_PROXY_CERTS in ssl module (GH-18011)
Exposes the `X509_V_FLAG_ALLOW_PROXY_CERTS` constant as `ssl.VERIFY_ALLOW_PROXY_CERTS` to allow for proxy certificate validation as described in: https://www.openssl.org/docs/man1.1.1/man7/proxy-certificates.html
This commit is contained in:
parent
e0bf70d08c
commit
e0b4aa0f5c
|
@ -634,6 +634,13 @@ Constants
|
|||
|
||||
.. versionadded:: 3.4
|
||||
|
||||
.. data:: VERIFY_ALLOW_PROXY_CERTS
|
||||
|
||||
Possible value for :attr:`SSLContext.verify_flags` to enables proxy
|
||||
certificate verification.
|
||||
|
||||
.. versionadded:: 3.10
|
||||
|
||||
.. data:: VERIFY_X509_TRUSTED_FIRST
|
||||
|
||||
Possible value for :attr:`SSLContext.verify_flags`. It instructs OpenSSL to
|
||||
|
|
|
@ -1305,6 +1305,8 @@ def test_verify_flags(self):
|
|||
self.assertEqual(ctx.verify_flags, ssl.VERIFY_CRL_CHECK_CHAIN)
|
||||
ctx.verify_flags = ssl.VERIFY_DEFAULT
|
||||
self.assertEqual(ctx.verify_flags, ssl.VERIFY_DEFAULT)
|
||||
ctx.verify_flags = ssl.VERIFY_ALLOW_PROXY_CERTS
|
||||
self.assertEqual(ctx.verify_flags, ssl.VERIFY_ALLOW_PROXY_CERTS)
|
||||
# supports any value
|
||||
ctx.verify_flags = ssl.VERIFY_CRL_CHECK_LEAF | ssl.VERIFY_X509_STRICT
|
||||
self.assertEqual(ctx.verify_flags,
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
Expose ``X509_V_FLAG_ALLOW_PROXY_CERTS`` as
|
||||
:data:`~ssl.VERIFY_ALLOW_PROXY_CERTS` to allow proxy certificate validation
|
||||
as explained in
|
||||
https://www.openssl.org/docs/man1.1.1/man7/proxy-certificates.html.
|
|
@ -6181,6 +6181,8 @@ sslmodule_init_constants(PyObject *m)
|
|||
X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
|
||||
PyModule_AddIntConstant(m, "VERIFY_X509_STRICT",
|
||||
X509_V_FLAG_X509_STRICT);
|
||||
PyModule_AddIntConstant(m, "VERIFY_ALLOW_PROXY_CERTS",
|
||||
X509_V_FLAG_ALLOW_PROXY_CERTS);
|
||||
#ifdef X509_V_FLAG_TRUSTED_FIRST
|
||||
PyModule_AddIntConstant(m, "VERIFY_X509_TRUSTED_FIRST",
|
||||
X509_V_FLAG_TRUSTED_FIRST);
|
||||
|
|
Loading…
Reference in a new issue