[PYTHON-2147] OCSP callback should use the verified peer certificate chain to find the cert issuer - MongoDB Jira

XML

Word

Printable

JSON

Details

Type: Task
Status: Closed
Priority: Major - P3
Resolution: Fixed
Affects Version/s: 3.11
Fix Version/s: 3.13, 4.1, 4.0.2
Component/s: TLS/SSL
Labels:
None

Description

Our OCSP callback should use the verified peer certificate chain to find the cert issuer. It currently uses the "raw" peer certificate chain sent by the server. This requires a new PyOpenSSL feature to allow inspecting the verified peer cert chain. I've implemented this in:
https://github.com/pyca/pyopenssl/pull/894

Attachments

Issue Links

is related to

PYTHON-3132 Bump minimum pyopenssl version req to >=20

Backlog

PYTHON-2936 Test Failure - test_validation_with_system_ca_certs macOS + pyOpenSSL

Closed

related to

PYTHON-2093 OCSP Support

Closed

PYTHON-2140 Test PyOpenSSL support on macOS

Closed

PYTHON-2144 Test OCSP support on macOS and Windows

Closed

Activity

People

Assignee:: Shane Harvey

Reporter:: Shane Harvey

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: Mar 03 2020 07:06:19 PM UTC

Updated:: Feb 17 2022 01:15:50 AM UTC

Resolved:: Feb 17 2022 01:15:50 AM UTC