allow use of default certificate store
Bug #264956 reported by Ludwig Nussel
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
pyOpenSSL | Fix Released | Medium | Jean-Paul Calderone |
Bug Description
While trying to fix up one of our tools to support proper https I
found the following features missing from pyopenssl:
- it's not possible to pass a directory as certificate store. On
openSUSE we have all trusted ca certificates in individual files
in /etc/ssl/certs
- applications should not need to know about /etc/ssl/certs so the
lib should just use SSL_CTX_
location built into the distro's openssl.
The attached patch implements both features without changing the
API.
Related branches
Changed in pyopenssl:
milestone: none → 0.9
Changed in pyopenssl:
status: Fix Committed → Fix Released
I've added support for a second optional argument to load_verify_locations and added a separate set_default_verify_paths method based on your patch. I think together these changes expose all the functionality you're interested in. I took this approach because I prefer to mimic the OpenSSL API as closely as possible. The code is still in the branch in the "Related branches" section, not trunk. Please let me know what you think, and hopefully I can merge this to trunk soon.
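An added example, not part of the bug thread or of pyOpenSSL's own code, showing how a client could use the two calls described in the comment above. `make_client_context`, `hashed_entries` and `keep_openssl_verdict` are hypothetical helper names; the file-name check reflects how OpenSSL's directory lookup finds CA files by subject hash.

```python
import os
import re

from OpenSSL import SSL

# OpenSSL looks up CAs in a capath directory by file name, not content:
# <8-hex-digit subject hash>.<n>, e.g. "a1b2c3d4.0" (as created by c_rehash).
HASHED_NAME = re.compile(r"^[0-9a-f]{8}\.\d+$")


def hashed_entries(capath):
    """Return the entries in capath that OpenSSL's directory lookup can find."""
    return sorted(n for n in os.listdir(capath) if HASHED_NAME.match(n))


def keep_openssl_verdict(conn, cert, errnum, depth, ok):
    """Verify callback that never overrides OpenSSL's own decision."""
    return bool(ok)


def make_client_context(cafile=None, capath=None):
    """Build a context that requires a verified peer certificate.

    No arguments: trust the store location compiled into the local OpenSSL.
    Otherwise: trust only the given CA file and/or hashed CA directory.
    """
    ctx = SSL.Context(SSL.SSLv23_METHOD)  # version-negotiating method
    ctx.set_verify(SSL.VERIFY_PEER | SSL.VERIFY_FAIL_IF_NO_PEER_CERT,
                   keep_openssl_verdict)
    if cafile is None and capath is None:
        ctx.set_default_verify_paths()
    else:
        if capath is not None and not hashed_entries(capath):
            # OpenSSL accepts such a directory without complaint, but it
            # contributes no trust anchors, so fail early instead.
            raise ValueError(f"no hash-named CA files in {capath!r}")
        ctx.load_verify_locations(cafile, capath)
    return ctx


if __name__ == "__main__":
    ctx = make_client_context()  # distribution's default store
    print("verify mode:", ctx.get_verify_mode())
```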