mirror of
https://github.com/python/cpython.git
synced 2024-11-21 21:09:37 +01:00
0876b921b2
This adds `VERIFY_X509_STRICT` to make the default SSL context perform stricter (per RFC 5280) validation, as well as `VERIFY_X509_PARTIAL_CHAIN` to enforce more standards-compliant path-building behavior. As part of this changeset, I had to tweak `make_ssl_certs.py` slightly to emit 5280-conforming CA certs. This changeset includes the regenerated certificates after that change. Signed-off-by: William Woodruff <william@yossarian.net> Co-authored-by: Victor Stinner <vstinner@python.org>
19 lines
971 B
Plaintext
Generated
19 lines
971 B
Plaintext
Generated
# Taken from x509-limbo's `rfc5280::aki::leaf-missing-aki` testcase.
|
|
# See: https://x509-limbo.com/testcases/rfc5280/#rfc5280akileaf-missing-aki
|
|
-----BEGIN EC PRIVATE KEY-----
|
|
MHcCAQEEIF5Re+/FP3rg+7c1odKEQPXhb9V65kXnlZIWHDG9gKrLoAoGCCqGSM49
|
|
AwEHoUQDQgAE1WAQMdC7ims7T9lpK9uzaCuKqHb/oNMbGjh1f10pOHv3Z+oAvsqF
|
|
Sv3hGzreu69YLy01afA6sUCf1AA/95dKkg==
|
|
-----END EC PRIVATE KEY-----
|
|
-----BEGIN CERTIFICATE-----
|
|
MIIBjjCCATWgAwIBAgIUVlBgclml+OXlrWzZfcgYCiNm96UwCgYIKoZIzj0EAwIw
|
|
GjEYMBYGA1UEAwwPeDUwOS1saW1iby1yb290MCAXDTcwMDEwMTAwMDAwMVoYDzI5
|
|
NjkwNTAzMDAwMDAxWjAWMRQwEgYDVQQDDAtleGFtcGxlLmNvbTBZMBMGByqGSM49
|
|
AgEGCCqGSM49AwEHA0IABNVgEDHQu4prO0/ZaSvbs2griqh2/6DTGxo4dX9dKTh7
|
|
92fqAL7KhUr94Rs63ruvWC8tNWnwOrFAn9QAP/eXSpKjWzBZMB0GA1UdDgQWBBS3
|
|
yYRQQwo3syjGVQ8Yw7/XRZHbpzALBgNVHQ8EBAMCB4AwEwYDVR0lBAwwCgYIKwYB
|
|
BQUHAwEwFgYDVR0RBA8wDYILZXhhbXBsZS5jb20wCgYIKoZIzj0EAwIDRwAwRAIg
|
|
BVq7lw4Y5MPEyisPhowMWd4KnERupdM5qeImDO+dD7ICIE/ksd6Wz1b8rMAfllNV
|
|
yiYst9lfwTd2SkFgdDNUDFud
|
|
-----END CERTIFICATE-----
|