Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 3.13, 4.1, 4.0.2
Affects Version/s: 3.11
Component/s: TLS/SSL
Labels:
None

Confidence Status:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

Our OCSP callback should use the verified peer certificate chain to find the cert issuer. It currently uses the "raw" peer certificate chain sent by the server. This requires a new PyOpenSSL feature to allow inspecting the verified peer cert chain. I've implemented this in:
https://github.com/pyca/pyopenssl/pull/894

is related to

PYTHON-3132 Bump minimum pyopenssl version req to >=20

Backlog

PYTHON-2936 Test Failure - test_validation_with_system_ca_certs macOS + pyOpenSSL

Closed

related to

PYTHON-2093 OCSP Support

Closed

PYTHON-2140 Test PyOpenSSL support on macOS

Closed

PYTHON-2144 Test OCSP support on macOS and Windows

Closed

Assignee:: Shane Harvey
Reporter:: Shane Harvey
Votes:: 0 Vote for this issue
Watchers:: 1 Start watching this issue

Created:: Mar 03 2020 07:06:19 PM UTC
Updated:: Oct 29 2023 02:29:46 AM UTC
Resolved:: Feb 17 2022 01:15:50 AM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates