diff options
| author | Shane Harvey <shane.harvey@mongodb.com> | 2020-08-05 16:48:51 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-08-05 18:48:51 -0500 |
| commit | 33c5499ce34f5e1c7c2630c6a1446353eee31755 (patch) | |
| tree | 45f4871892c7b5e29e46fca2009e5cf77dc9eaa8 /CHANGELOG.rst | |
| parent | bb971ae935059b73830ea2abe3f66391125b2bfb (diff) | |
| download | pyopenssl-git-33c5499ce34f5e1c7c2630c6a1446353eee31755.tar.gz | |
Allow accessing a connection's verfied certificate chain (#894)
* Allow accessing a connection's verfied certificate chain
Add X509StoreContext.get_verified_chain using X509_STORE_CTX_get1_chain.
Add Connection.get_verified_chain using SSL_get0_verified_chain if
available (ie OpenSSL 1.1+) and X509StoreContext.get_verified_chain
otherwise.
Fixes #740.
* TLSv1_METHOD -> SSLv23_METHOD
* Use X509_up_ref instead of X509_dup
* Add _openssl_assert where appropriate
* SSL_get_peer_cert_chain should not be null
* Reformat with black
* Fix <OpenSSL.crypto.X509 object at 0x7fdbb59e8050> != <OpenSSL.crypto.X509 object at 0x7fdbb59daad0>
* Add Changelog entry
* Remove _add_chain
Diffstat (limited to 'CHANGELOG.rst')
| -rw-r--r-- | CHANGELOG.rst | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d2c92e3..9ceedd0 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -21,14 +21,14 @@ Deprecations: - Deprecated ``OpenSSL.crypto.loads_pkcs7`` and ``OpenSSL.crypto.loads_pkcs12``. -*none* - - Changes: ^^^^^^^^ - Added ``Context.set_keylog_callback`` to log key material. `#910 <https://github.com/pyca/pyopenssl/pull/910>`_ +- Added ``OpenSSL.SSL.Connection.get_verified_chain`` to retrieve the + verified certificate chain of the peer. + `#894 <https://github.com/pyca/pyopenssl/pull/894>`_. 19.1.0 (2019-11-18) |