Commit Graph

3 Commits

Author SHA1 Message Date
Petr Viktorin
d20c43d8e2
gh-107562: Update test certificates to expire far in the future (GH-125104)
Generated with Lib/test/certdata/make_ssl_certs.py
using openssl-3.2.2-3.fc40.x86_64 (Fedora 40).
2024-10-09 11:17:02 +02:00
William Woodruff
0876b921b2
gh-107361: strengthen default SSL context flags (#112389)
This adds `VERIFY_X509_STRICT` to make the default
SSL context perform stricter (per RFC 5280) validation, as well
as `VERIFY_X509_PARTIAL_CHAIN` to enforce more standards-compliant
path-building behavior.

As part of this changeset, I had to tweak `make_ssl_certs.py`
slightly to emit 5280-conforming CA certs. This changeset includes
the regenerated certificates after that change.

Signed-off-by: William Woodruff <william@yossarian.net>
Co-authored-by: Victor Stinner <vstinner@python.org>
2024-03-06 13:44:58 -08:00
Nikita Sobolev
e57ecf6bbc
gh-108303: Move all certificates to Lib/test/certdata/ (#109489)
2023-09-16 18:47:18 +02:00