Python Driver / PYTHON-2147

OCSP callback should use the verified peer certificate chain to find the cert issuer

    • Type: Task
    • Resolution: Fixed
    • Priority: Major - P3
    • 3.13, 4.1, 4.0.2
    • Affects Version/s: 3.11
    • Component/s: TLS/SSL
    • Labels: None

      Our OCSP callback should use the verified peer certificate chain to find the cert issuer. It currently uses the "raw" peer certificate chain sent by the server. This requires a new PyOpenSSL feature to allow inspecting the verified peer cert chain. I've implemented this in:
      https://github.com/pyca/pyopenssl/pull/894

            Assignee: Shane Harvey (shane.harvey@mongodb.com)
            Reporter: Shane Harvey (shane.harvey@mongodb.com)
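
An added example, not the driver's or PyOpenSSL's own code, illustrating the difference between looking up the issuer in the chain the server sent and in the chain that path validation built. It uses the `cryptography` package with constructed certificates; in PyOpenSSL the two lists would come from `Connection.get_peer_cert_chain()` and `Connection.get_verified_chain()`, and the names `find_issuer`, `make_cert` and `demo` are hypothetical.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def find_issuer(cert, chain):
    """Return the chain entry whose subject equals cert.issuer and whose
    key verifies cert's signature (ECDSA only in this sketch), else None."""
    for cand in chain:
        if cand.subject != cert.issuer:
            continue
        try:
            cand.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                     ec.ECDSA(cert.signature_hash_algorithm))
            return cand
        except InvalidSignature:
            continue
    return None

def make_cert(cn, issuer_cn, key, signer):
    """Constructed P-256 test certificate; names and dates are made up."""
    def name(s):
        return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    start = datetime.datetime(2024, 1, 1)
    return (x509.CertificateBuilder()
            .subject_name(name(cn)).issuer_name(name(issuer_cn))
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start)
            .not_valid_after(start + datetime.timedelta(days=365))
            .sign(signer, hashes.SHA256()))

def demo():
    ca_key, other_key, leaf_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    ca = make_cert("Example CA", "Example CA", ca_key, ca_key)
    lookalike = make_cert("Example CA", "Example CA", other_key, other_key)
    leaf = make_cert("db.example.test", "Example CA", leaf_key, ca_key)
    raw_chain = [leaf, lookalike]   # constructed: as sent by the server, unverified
    verified_chain = [leaf, ca]     # constructed: as built by path validation
    fp = lambda c: c.fingerprint(hashes.SHA256()) if c is not None else None
    return {
        "name_only_raw": fp(next(c for c in raw_chain if c.subject == leaf.issuer)),
        "checked_raw": fp(find_issuer(leaf, raw_chain)),
        "checked_verified": fp(find_issuer(leaf, verified_chain)),
        "ca": fp(ca), "lookalike": fp(lookalike),
    }
```

In this constructed case the real CA is only in the client's trust store, so the raw chain either yields a same-named certificate that never signed the leaf or no issuer at all, while the verified chain yields the CA that OCSP checks need.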